mvc 3 session and authorizeAttribute

我的梦境 提交于 2020-01-01 03:46:06

问题


My site is open to all but i have a controller with some method that only the manager with the user and password can enter. I'm saving the bool IsManager in a session.
I would like to use the authorize attribute to block whom ever IsManager == false.


回答1:


First define an ActionFilter:

public class TheFilter: ActionFilterAttribute
{
   public override void OnActionExecuting(ActionExecutingContext filterContext)
   {
        var session = filterContext.HttpContext.Session;
        if ((bool?)session["IsManager"] == true)
            return;

        //Redirect him to somewhere.
        var redirectTarget = new RouteValueDictionary
             {{"action", "{ActionName}"}, {"controller", "{ControllerName}"}};
        filterContext.Result = new RedirectToRouteResult(redirectTarget);
   }
}

Then use it above the restricted Action(or controller):

//[TheFilter]
public class ManagersController : Controller
{
    [TheFilter]
    public ActionResult Foo()
    {
        ...
        return View();
    }
}



回答2:


To keep this in line with ASP.NET security you should add the IsManager role to your membership/role system, then add that user to the role. No hacking required then and you can use the built in Authorize attribute.

Are you using the built in membership providers? If so this would be a snap.



来源:https://stackoverflow.com/questions/9809703/mvc-3-session-and-authorizeattribute

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!