Get ActionName, ControllerName and AreaName and pass it in ActionFilter Attribute

问题

I use a custom AuthorizationFilter like the followings:

public class ActionAuthorizeAttribute : AuthorizeAttribute {

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) {

        if(!httpContext.User.Identity.IsAuthenticated)
            return false;

        if(IsUserExcluded())
            return false;
        else
            return IsRoleAuthorize(httpContext);
    }
}

I use this filter at the top of each action I have, and for check Is Authorized, need Action Name, Controller Name, And Area Name. So is there any way to get this names in AuthorizeCore() method like use System.Web.HttpContextBase? if answer is No then how can I get this names and pass it to attribute, obviously I don't want to add each name by hand, actually something likeViewContext.RouteData.Values["Controller"] in controllers:

[ActionAuthorize(actionName=Action, controller=ControllerName, area=AreaName)]
public ActionResult Index() {
    return View();
}

Does any one have any idea about it?

回答1:

You could fetch them from the RouteData:

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
    var rd = httpContext.Request.RequestContext.RouteData;
    string currentAction = rd.GetRequiredString("action");
    string currentController = rd.GetRequiredString("controller");
    string currentArea = rd.Values["area"] as string;

    ...

}

回答2:

Face the same issue just a moment ago and my solution is:

Define 2 attributes in your ActionAuthorizeAttribute class e.g.

public string ControllerName {get;set;}
public string ActionName {get;set;}

While annotating your action of the controller specify them e.g.

[ActionAuthorize(Roles="Admin", ContollerName="ControllerName",ActionName="ActionName")]**
public ActionResult Disable(int id)
{
 ...
}

回答3:

Getting the area will not work if you are on a custom filter the next will work to get an area

filterContext.RouteData.DataTokens["area"]

回答4:

> namespace dene.kontroller {
>     public class daAttribute: AuthorizeAttribute
>     {
>         private Entities db = new Entities();
>         private readonly string[] allowedroles;
>         public daAttribute(params string[] roles)
>         {
>             this.allowedroles = roles;
>         }
> 
> 
>         protected override bool AuthorizeCore(HttpContextBase httpContext)
>         {
>             bool authorize = false;
>             foreach (var role in allowedroles)
>             {
>                 if (role == HttpContext.Current.User.Identity.Name)
>                 {
>                      
>                     if (role!= null)
>                     {
>                         authorize = true;
>                     }
>                 }
>                 
> 
>             }
>             return authorize;
>         }
> 
> 
>         protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
>         {
> 
>             FormsAuthentication.SignOut();
>             filterContext.Result = new HttpUnauthorizedResult();
>         }
> 
>     } }

来源：https://stackoverflow.com/questions/9976476/get-actionname-controllername-and-areaname-and-pass-it-in-actionfilter-attribut

标签

asp.net-mvc

asp.net-mvc-3

authorization

action-filter

authorize-attribute