问题
I use a custom AuthorizationFilter like the followings:
public class ActionAuthorizeAttribute : AuthorizeAttribute {
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) {
if(!httpContext.User.Identity.IsAuthenticated)
return false;
if(IsUserExcluded())
return false;
else
return IsRoleAuthorize(httpContext);
}
}
I use this filter at the top of each action I have, and for check Is Authorized, need Action Name, Controller Name, And Area Name. So is there any way to get this names in AuthorizeCore()
method like use System.Web.HttpContextBase
? if answer is No then how can I get this names and pass it to attribute, obviously I don't want to add each name by hand, actually something likeViewContext.RouteData.Values["Controller"]
in controllers:
[ActionAuthorize(actionName=Action, controller=ControllerName, area=AreaName)]
public ActionResult Index() {
return View();
}
Does any one have any idea about it?
回答1:
You could fetch them from the RouteData:
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
var rd = httpContext.Request.RequestContext.RouteData;
string currentAction = rd.GetRequiredString("action");
string currentController = rd.GetRequiredString("controller");
string currentArea = rd.Values["area"] as string;
...
}
回答2:
Face the same issue just a moment ago and my solution is:
Define 2 attributes in your ActionAuthorizeAttribute class e.g.
public string ControllerName {get;set;} public string ActionName {get;set;}
While annotating your action of the controller specify them e.g.
[ActionAuthorize(Roles="Admin", ContollerName="ControllerName",ActionName="ActionName")]** public ActionResult Disable(int id) { ... }
回答3:
Getting the area will not work if you are on a custom filter the next will work to get an area
filterContext.RouteData.DataTokens["area"]
回答4:
> namespace dene.kontroller {
> public class daAttribute: AuthorizeAttribute
> {
> private Entities db = new Entities();
> private readonly string[] allowedroles;
> public daAttribute(params string[] roles)
> {
> this.allowedroles = roles;
> }
>
>
> protected override bool AuthorizeCore(HttpContextBase httpContext)
> {
> bool authorize = false;
> foreach (var role in allowedroles)
> {
> if (role == HttpContext.Current.User.Identity.Name)
> {
>
> if (role!= null)
> {
> authorize = true;
> }
> }
>
>
> }
> return authorize;
> }
>
>
> protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
> {
>
> FormsAuthentication.SignOut();
> filterContext.Result = new HttpUnauthorizedResult();
> }
>
> } }
来源:https://stackoverflow.com/questions/9976476/get-actionname-controllername-and-areaname-and-pass-it-in-actionfilter-attribut