在我的项目中,我实现了自己的authorize属性以及自定义角色提供程序和自定义sql提供程序。那些是由ninject注入的。
自定义sql提供程序和自定义角色提供程序正常工作。
问题出在我的自定义授权上。即使我调用没有自定义属性的操作,它也会一直触发。
任何人都有同样的问题吗?
更新
我的NinjectControllerFactory类:
/// <summary>
/// Controller factory that resolves MVC controllers from a Ninject kernel, and
/// also offers a hook to inject dependencies into the configured membership
/// and role providers.
/// </summary>
public class NinjectControllerFactory : DefaultControllerFactory
{
    // One kernel per factory instance, configured with the bindings in SiteServices.
    private IKernel _kernel = new StandardKernel(new SiteServices());

    /// <summary>
    /// Runs Ninject injection on the provider instances exposed by
    /// <c>Membership.Provider</c> and <c>Roles.Provider</c>.
    /// </summary>
    /// <remarks>
    /// This only touches the two provider objects. Nothing in this class binds,
    /// registers or injects MVC filters or authorization attributes.
    /// </remarks>
    public void InjectProvides()
    {
        var membershipProvider = System.Web.Security.Membership.Provider;
        var roleProvider = System.Web.Security.Roles.Provider;

        _kernel.Inject(membershipProvider);
        _kernel.Inject(roleProvider);
    }

    /// <summary>
    /// Resolves the requested controller type from the kernel.
    /// </summary>
    /// <param name="context">The current request context (not used by this override).</param>
    /// <param name="controllerType">The controller type chosen by routing, or null when none matched.</param>
    /// <returns>The resolved controller, or null when <paramref name="controllerType"/> is null.</returns>
    protected override IController GetControllerInstance(RequestContext context, Type controllerType)
    {
        return controllerType == null
            ? null
            : (IController)_kernel.Get(controllerType);
    }

    /// <summary>
    /// Ninject module declaring the bindings for the custom SQL membership and role providers.
    /// </summary>
    private class SiteServices : NinjectModule
    {
        /// <summary>
        /// Binds both provider interfaces to constructors that take the
        /// connection string exposed by ModelHelpers.
        /// </summary>
        public override void Load()
        {
            Bind<ISQLMembershipProvider>()
                .ToConstructor(ctor => new SQLMemberShipProvider(ModelHelpers.SpotDBEntitiesConnectionString));

            Bind<ISQLRoleProvider>()
                .ToConstructor(ctor => new SQLRoleProvider(ModelHelpers.SpotDBEntitiesConnectionString));
        }
    }
}
My Global asax:
/// <summary>
/// Application start-up hook: injects the membership/role providers, then
/// registers global filters, routes, bundles and the decimal model binder.
/// </summary>
protected void Application_Start()
{
    // Build the Ninject-backed factory and inject the configured providers.
    // NOTE(review): nothing visible here installs the factory with
    // ControllerBuilder.Current.SetControllerFactory - confirm it is registered elsewhere.
    var ninjectFactory = new NinjectControllerFactory();
    ninjectFactory.InjectProvides();

    //AreaRegistration.RegisterAllAreas();
    //WebApiConfig.Register(GlobalConfiguration.Configuration);

    // NOTE(review): filters added to GlobalFilters.Filters apply to every action.
    // If the custom authorize attribute is added in FilterConfig, it would run on
    // actions that do not carry the attribute - verify against FilterConfig.
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);
    //AuthConfig.RegisterAuth();

    // Custom binder for decimal values; the DateTime and inheritance binders stay disabled.
    ModelBinders.Binders.Add(typeof(decimal), new DecimalModelBinder());
    //ModelBinders.Binders.Add(typeof(DateTime), new DateTimeModelBinder());
    //ModelBinders.Binders.Add(typeof(DateTime?), new DateTimeModelBinder());
    //ModelBinders.Binders.Add(typeof(SaftProject.Models.vmReservaRegistrationBase), new InheritanceModelBinder());
}
MyCustomAuthorizeAttribute
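/// <summary>
/// Runs the base authorization check and, when it yields an unauthorized
/// result, replaces that result with a redirect to the attribute's configured
/// route, carrying the originally requested URL as <c>returnUrl</c>.
/// </summary>
/// <param name="filterContext">The authorization context for the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    base.OnAuthorization(filterContext);

    if (!(filterContext.Result is HttpUnauthorizedResult))
    {
        return;
    }

    // Build a per-request copy instead of writing "returnUrl" into the attribute's
    // own RouteData. Filter attribute instances may be reused across requests, so
    // mutating shared state could leak one request's URL into another's redirect.
    // RouteData is passed to RedirectToRouteResult's route-values constructor in
    // the original code, so it is treated as a RouteValueDictionary here.
    var redirectValues = new System.Web.Routing.RouteValueDictionary(RouteData);
    redirectValues["returnUrl"] = filterContext.HttpContext.Request.RawUrl;

    // NOTE(review): the action that consumes returnUrl should validate it as a
    // local URL before redirecting, since the query parameter can be supplied
    // directly by a client - confirm in the login action.
    filterContext.Result = new RedirectToRouteResult(redirectValues);
}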
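/// <summary>
/// Decides whether the current request is authorized: the caller must be
/// authenticated and the cached <c>UtilizadorRole</c> must name one of the
/// roles listed in <c>Roles</c>.
/// </summary>
/// <param name="httpContext">The HTTP context of the current request.</param>
/// <returns>True when the request is authorized; otherwise false.</returns>
/// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
/// <exception cref="TimeoutException">The cached user role is no longer valid.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Check the HTTP context before doing any other work.
    if (httpContext == null)
    {
        throw new ArgumentNullException("httpContext");
    }

    // NOTE(review): the cache is constructed with nothing that identifies the
    // current user. Confirm it is scoped per user/session, otherwise the role
    // checked below may not belong to httpContext.User.
    // NOTE(review): throwing here produces an error response rather than the
    // login redirect built in OnAuthorization - confirm that is intended.
    var cacheUserRole = new Cache<UtilizadorRole>();
    if (!cacheUserRole.IsValid)
    {
        throw new TimeoutException("Sessão expirou");
    }
    UtilizadorRole userRole = cacheUserRole.Data;

    // Fail closed: an unauthenticated caller is never authorized. The original
    // only assigned false to a flag that was already false and then fell through
    // to the role loop, so a cached role alone could grant access.
    System.Security.Principal.IPrincipal user = httpContext.User;
    if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
    {
        return false;
    }

    // For role id 5, a non-empty Users list restricts access to the named users.
    // The original assigned false here without returning, so the restriction was
    // never enforced.
    if (userRole.RoleID == 5 && Users.Length > 0 && !Users.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
    {
        return false;
    }

    // The original's third check (RoleID == 5 && Roles.Length > 0 && !temRole)
    // could only re-assign false and is dropped; the role match below decides.
    // With an empty Roles list nothing matches, so the request is denied.
    foreach (string role in Roles)
    {
        if (userRole.Role.Role1 == role)
        {
            return true;
        }
    }

    return false;
}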
CustomAuthorize用法:
[MyCustomAuthorizeAttribute("Login", "Account", Roles = new string[] { "Financial Manager", "Accountant" })]