I'm building my own membership system and I want nothing to do with the MS Membership provider. I've looked around the internet and here on StackOverflow but all I could f
Yes, you got it right (IMO it's safer and simpler to implement a custom membership provider, but it's your choice)
roles property from the AuthorizeAttribute base class and you check in your implementation if the user is in the role.

Edit: a little more on the roles thing
If you have

    [SharweAuthorize(Roles="MyRole")]

then you can check the Roles property in the AuthorizeCore method

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == true) {
            if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
                return true;
        }
        return false;
    }
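
Added example, not part of the original answer: a session-backed variant of the attribute that fails closed, splits the comma-delimited Roles string before matching, and answers 403 instead of 401 when a logged-in user lacks the role. The SessionUser type and the "User" session key are assumptions standing in for the poster's SessionManager.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical object stored in session at login (assumption, not from the post).
public class SessionUser
{
    public string Name { get; set; }
    public ISet<string> Roles { get; set; }
}

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    private const string UserKey = "User"; // assumed session key

    private static SessionUser CurrentUser(HttpContextBase ctx)
    {
        return ctx.Session == null ? null : ctx.Session[UserKey] as SessionUser;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Fail closed: no session or no user object means not authenticated.
        var user = CurrentUser(httpContext);
        if (user == null) return false;

        // Roles is a comma-delimited string, e.g. "Admin, Editor".
        var required = (Roles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // No roles listed: any logged-in user passes, as with the stock attribute.
        if (required.Length == 0) return true;
        return user.Roles != null &&
               required.Any(r => user.Roles.Contains(r, StringComparer.OrdinalIgnoreCase));
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (CurrentUser(filterContext.HttpContext) != null)
            filterContext.Result = new HttpStatusCodeResult(403); // known user, wrong role
        else
            base.HandleUnauthorizedRequest(filterContext);        // 401 for anonymous
    }
}
```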