我试图通过创建基本控制器并覆盖OnAuthorization方法来使用我自己的授权。
授权失败时工作正常,但当我的检查成功时,我得到一个401页面(但默认授权检查失败)。
protected override void OnAuthorization(AuthorizationContext filterContext)
{
var roleAttribute = typeof(AuthorizeAttribute);
var attributes = filterContext.ActionDescriptor.GetCustomAttributes(roleAttribute, true);
if (attributes.Length == 0)
attributes = GetType().GetCustomAttributes(roleAttribute, true);
if (attributes.Length == 0)
return;
MvcHelper.Authenticate();
foreach (AuthorizeAttribute item in attributes)
{
if (!Thread.CurrentPrincipal.IsInRole(item.Roles))
{
filterContext.Result = new RedirectResult("~/Error/Unauthorized/" + "?MissingRole=" + item.Roles);
return;
}
}
//how do I prevent the default authorization here?
}
我尝试了filterContext.HttpContext.SkipAuthorization = true;,但没有用。
答案 0 :(得分:0)
我通常在ActionFilter中执行此操作:https://gist.github.com/e297b435ceb8f022fb95
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext == null)
throw new ArgumentNullException("FilterContext");
if (AuthProvider == null)
throw new ArgumentNullException("IAuthProvider");
if (AuthProvider.Authenticate(filterContext) == false)
{
var req = filterContext.HttpContext.Request;
var response = filterContext.HttpContext.Response;
response.StatusCode = 401;
response.AddHeader("WWW-Authenticate", "Basic realm=\"Emergidata\"");
response.End();
}
else
{
var controller = filterContext.Controller as IAppController;
controller.DynamicSession= AuthProvider.AuthProviderContext;
}
}
答案 1 :(得分:0)
我会分两步完成:
AuthorizeAttribute。