  • 自定义授权筛选器

    Demo

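        /// <summary>
        /// Authorization filter that lets a request through only when the caller is signed in
        /// with forms authentication and one of the caller's roles grants the requested
        /// controller/action pair. Actions or controllers marked with
        /// <see cref="AllowAnonymousAttribute"/> are skipped.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this filter implements <see cref="IAuthorizationFilter"/> directly and
        /// registers no output-cache validation callback. If a protected action is also
        /// output-cached, a cached response could be served without this check running again;
        /// confirm that protected actions are not cached.
        /// NOTE(review): permissions are matched on controller and action name only; the area
        /// route value is not consulted. Confirm that no two areas share a controller name.
        /// </remarks>
        [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
        public class AdminAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
        {
            /// <summary>
            /// Runs the authentication and role-permission checks for the current request and
            /// sets <c>filterContext.Result</c> when the request must not proceed.
            /// </summary>
            /// <param name="filterContext">Context of the action being authorized.</param>
            /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
            public void OnAuthorization(AuthorizationContext filterContext)
            {
                // Validate before anything dereferences the context: SkipAuthorization reads
                // filterContext.ActionDescriptor, so the guard has to come first.
                if (filterContext == null)
                {
                    throw new ArgumentNullException("filterContext");
                }

                if (SkipAuthorization(filterContext))
                {
                    return;
                }

                // Step 1: the caller must be signed in through forms authentication.
                var httpContext = HttpContext.Current;
                if (httpContext == null ||
                    !httpContext.Request.IsAuthenticated ||
                    !(httpContext.User.Identity is FormsIdentity))
                {
                    filterContext.Result = new HttpUnauthorizedResult();
                    return;
                }

                // Step 2: the caller's roles must grant this controller/action pair.
                // GetRequiredString throws a descriptive exception when a route value is
                // missing, rather than a NullReferenceException from ToString().
                var controllerName = filterContext.RouteData.GetRequiredString("controller");
                var actionName = filterContext.RouteData.GetRequiredString("action");

                var grantedFunctions = new List<CustomerRoleFunction>();
                var authenticationService = DependencyResolver.Current.GetService<IFormsAuthenticationService>();
                if (authenticationService != null)
                {
                    var customer = authenticationService.GetCustomer();
                    if (customer != null)
                    {
                        grantedFunctions.AddRange(customer.CustomerRoles.SelectMany(role => role.CustomerRoleFunctions));
                    }
                }

                // Fail closed: an unresolved service, an unknown customer or an empty grant
                // list all leave grantedFunctions empty and therefore deny the request.
                // Route values carry whatever casing the URL used and MVC resolves actions
                // case-insensitively, so the permission lookup ignores case as well.
                var isGranted = grantedFunctions.Any(function =>
                    string.Equals(function.ActionName, actionName, StringComparison.OrdinalIgnoreCase) &&
                    string.Equals(function.ControllerName, controllerName, StringComparison.OrdinalIgnoreCase));

                if (!isGranted)
                {
                    HandleUnauthorizedRequest(filterContext, "你无此权限,如需要请通知管理员添加,点击返回");
                }
            }

            /// <summary>
            /// Short-circuits the request with a small HTML page that shows
            /// <paramref name="message"/> as a "go back" link.
            /// </summary>
            /// <param name="filterContext">Context whose result is replaced.</param>
            /// <param name="message">Text to display; it is HTML-encoded before being embedded.</param>
            private void HandleUnauthorizedRequest(AuthorizationContext filterContext, string message)
            {
                // Encode so that the helper stays safe if a later caller passes text that is
                // not a compile-time constant.
                // NOTE(review): no status code is set here, so a denied request is not
                // distinguishable from a successful one by status alone in access logs;
                // consider 403 if monitoring relies on it.
                var content = new ContentResult
                {
                    Content = string.Format(
                        "<a href='javascript:history.go(-1);'>{0}</a>",
                        System.Net.WebUtility.HtmlEncode(message))
                };
                filterContext.Result = content;
            }

            /// <summary>
            /// Reports whether the action or its controller carries <see cref="AllowAnonymousAttribute"/>.
            /// </summary>
            /// <param name="filterContext">Context of the action being authorized; must not be null.</param>
            /// <returns>True when authorization should be skipped for this action.</returns>
            private static bool SkipAuthorization(AuthorizationContext filterContext)
            {
                Contract.Assert(filterContext != null);

                return filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any()
                       || filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any();
            }
        }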
  • 原文地址:https://www.cnblogs.com/ideacore/p/7600850.html