我正在使用Authorize属性进行基于角色的身份验证
public class CheckAuthorizationAttribute : AuthorizeAttribute
{
private class Http401Result : ActionResult
{
public override void ExecuteResult(ControllerContext context)
{
// Set the response code to 401.
context.HttpContext.Response.StatusCode = 401;
context.HttpContext.Response.StatusDescription = "NotAuthorized";
context.HttpContext.Response.End();
}
}
string strActionName;
public CheckAuthorizationAttribute(string ActionName = null)
{
strActionName = ActionName;
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var rd = httpContext.Request.RequestContext.RouteData;
int RoleId = SessionManager.SystemRoleID;
int UserID = SessionManager.SystemUserID;
strActionName = strActionName ?? rd.GetRequiredString("action");
string ControllerName = rd.GetRequiredString("controller");
string[] AllowedPages = { "ChangePassword", "Logout", "PageNotFound", "LoadData", "Index" };
//Type MyType = Type.GetType("System.Reflection.FieldInfo");
//MethodInfo Mymethodinfo = MyType.GetMethod(ActionName);
//var vReuslt = Mymethodinfo.ReturnType;
if (RoleId != (int)EnumList.RoleType.Administrator /*&& !AllowedPages.Contains(strActionName)*/)
{
IList<usp_GetPermissionList_Result> lstPermission = new List<usp_GetPermissionList_Result>();
if (RoleId != 0 && UserID != 0)
lstPermission = new BLSystemRole().BL_GetPermissionList(new SystemRole() { SystemRoleID = RoleId, UserID = UserID, ControllerName = ControllerName, ActionName = strActionName, IntStatus = 1 });
if (lstPermission.Count() == 0)
{
return false;
}
else
{
return true;
}
}
else
{
return true;
}
}
//public override void OnAuthorization(AuthorizationContext filterContext)
//{
// int RoleId = SessionManager.SystemRoleID;
// int UserID = SessionManager.SystemUserID;
// strActionName = strActionName ?? filterContext.ActionDescriptor.ActionName;
// string ControllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
// string[] AllowedPages = { "ChangePassword", "Logout", "PageNotFound", "LoadData", "Index" };
// //Type MyType = Type.GetType("System.Reflection.FieldInfo");
// //MethodInfo Mymethodinfo = MyType.GetMethod(ActionName);
// //var vReuslt = Mymethodinfo.ReturnType;
// if (RoleId != (int)EnumList.RoleType.Administrator /*&& !AllowedPages.Contains(strActionName)*/)
// {
// IList<usp_GetPermissionList_Result> lstPermission=new List<usp_GetPermissionList_Result>();
// if (RoleId != 0 && UserID != 0)
// lstPermission = new BLSystemRole().BL_GetPermissionList(new SystemRole() { SystemRoleID = RoleId, UserID = UserID, ControllerName = ControllerName, ActionName = strActionName, IntStatus = 1 });
// if (lstPermission.Count() == 0)
// {
// if (filterContext.HttpContext.Request.IsAjaxRequest())
// {
// filterContext.HttpContext.Response.StatusCode = 401;
// filterContext.HttpContext.Response.StatusDescription = "NotAuthorized";
// //filterContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;
// HandleUnauthorizedRequest(filterContext);
// filterContext.HttpContext.Response.End();
// }
// else
// filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "Index" }, { "controller", "Unauthorised" } });
// }
// }
//}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
{
//Ajax request doesn't return to login page, it just returns 401 error.
filterContext.Result = new Http401Result();
}
else
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "Index" }, { "controller", "Unauthorised" } });
}
}
这是一个类,如您所见,构造函数采用的属性返回操作名称
赞
[CheckAuthorization("Edit")]
public JsonResult UpdateStatus(MST_Country pObjCountry)
{
Dictionary<string, object> dcResponse = new Dictionary<string, object>();
if (pObjCountry.CountryID != 0)
{
pObjCountry.ModifiedBy = SessionManager.SystemUserID;
pObjCountry.ModifiedDate = CommUtil.GetCurrentDateTime();
FuncResponse mObjFuncResponse = new BLCountry().BL_UpdateStatus(pObjCountry);
dcResponse["success"] = mObjFuncResponse.Success;
dcResponse["Message"] = mObjFuncResponse.Message;
}
else
{
dcResponse["success"] = false;
dcResponse["Message"] = "Invalid Action";
}
return Json(dcResponse, JsonRequestBehavior.AllowGet);
}
但是我有一些JSON结果,这些结果称为不同的视图,例如添加或编辑我如何动态定义哪个视图正在调用[CheckAuthorization(动态数据应在此处)
编辑后的代码在这里:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var rd = httpContext.Request.RequestContext.RouteData;
int intRoleId = SessionManager.SystemRoleID;
int intUserID = SessionManager.SystemUserID;
string strControllerName = rd.GetRequiredString("controller");
strActionName =rd.GetRequiredString("action");
if (httpContext.Request.IsAjaxRequest())
{
var values = RouteDataContext.RouteValuesFromUri(httpContext.Request.UrlReferrer);
strActionName = values["action"].ToString();
}
if (intRoleId != (int)EnumList.RoleType.Administrator)
{
IList<usp_GetPermissionList_Result> lstPermission = SessionManager.lstPermissionList.Where(t => t.ActionName == strActionName && t.ControllerName == strControllerName).ToList();
//lstPermission = new BLSystemRole().BL_GetPermissionList(new SystemRole() { SystemRoleID = intRoleId, UserID = intUserID, ControllerName = strControllerName, ActionName = strActionName, IntStatus = 1 });
if (lstPermission.Count() == 0)
{
return false;
}
else
{
return true;
}
}
else
{
return true;
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
{
//Ajax request doesn't return to login page, it just returns 401 error.
filterContext.Result = new Http401Result();
}
else
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "Index" }, { "controller", "Unauthorised" } });
}