获取ActionName,ControllerName和Area Name,并在Action Filter Attribute中传递它

时间:2012-04-02 12:31:04

标签: asp.net-mvc asp.net-mvc-3 authorization action-filter authorize-attribute

我使用自定义AuthorizationFilter,如下所示:

public class ActionAuthorizeAttribute : AuthorizeAttribute {

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) {

        if(!httpContext.User.Identity.IsAuthenticated)
            return false;

        if(IsUserExcluded())
            return false;
        else
            return IsRoleAuthorize(httpContext);
    }
}

我在每个操作的顶部使用此过滤器,并且对于检查是否已授权,需要操作名称,控制器名称和区域名称。那么有没有办法在AuthorizeCore()方法中使用System.Web.HttpContextBase来获取此名称?如果答案为否,那么如何获取此名称并将其传递给属性,显然我不想手动添加每个名称,实际上类似于控制器中的ViewContext.RouteData.Values["Controller"]

[ActionAuthorize(actionName=Action, controller=ControllerName, area=AreaName)]
public ActionResult Index() {
    return View();
}

有人对此有任何想法吗?

5 个答案:

答案 0 :(得分:80)

您可以从RouteData中获取它们:

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
    var rd = httpContext.Request.RequestContext.RouteData;
    string currentAction = rd.GetRequiredString("action");
    string currentController = rd.GetRequiredString("controller");
    string currentArea = rd.Values["area"] as string;

    ...

}

答案 1 :(得分:1)

刚才面对同样的问题我的解决方案是:

  1. 在ActionAuthorizeAttribute类中定义2个属性,例如

    public string ControllerName {get;set;}
public string ActionName {get;set;}

  2. 在注释控制器的操作时指定它们,例如

    [ActionAuthorize(Roles="Admin", ContollerName="ControllerName",ActionName="ActionName")]**
public ActionResult Disable(int id)
{
 ...
}

答案 2 :(得分:0)

如果您使用的是自定义过滤器,则无法使用该区域 下一个将努力获得一个区域

@objc var sectionTitle: String? {
    //this is **transient** property
    //to set it as transient, check mark the box with same name in data model
    return time!.getTimeStrWithDayPrecision()
}

答案 3 :(得分:0)

> namespace dene.kontroller {
>     public class daAttribute: AuthorizeAttribute
>     {
>         private Entities db = new Entities();
>         private readonly string[] allowedroles;
>         public daAttribute(params string[] roles)
>         {
>             this.allowedroles = roles;
>         }
> 
> 
>         protected override bool AuthorizeCore(HttpContextBase httpContext)
>         {
>             bool authorize = false;
>             foreach (var role in allowedroles)
>             {
>                 if (role == HttpContext.Current.User.Identity.Name)
>                 {
>                      
>                     if (role!= null)
>                     {
>                         authorize = true;
>                     }
>                 }
>                 
> 
>             }
>             return authorize;
>         }
> 
> 
>         protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
>         {
> 
>             FormsAuthentication.SignOut();
>             filterContext.Result = new HttpUnauthorizedResult();
>         }
> 
>     } }

答案 4 :(得分:0)

如果无法获取区域,则可以通过以下方式从 RouteData 获取:

 string currentArea = string.Empty;
 if (rd.DataTokens.TryGetValue("area", out object area))
 {
     currentArea = area.ToString();
 }
相关问题
最新问题