MVC 授權過濾器簡單實現
阿新 • • 發佈:2018-12-03
首先建立一個過濾器 MyAuthorizeAttribute 繼承AuthorizeAttribute,並重寫 AuthorizeCore
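/// <summary>
/// Authorization filter that grants access when the role recorded for the current
/// session is one of the comma-separated names in <c>Roles</c>, and otherwise
/// defers to the default <c>AuthorizeAttribute</c> check.
/// </summary>
public class MyAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Decides whether the current request is authorized.
    /// </summary>
    /// <param name="httpContext">The HTTP context of the request being authorized.</param>
    /// <returns>
    /// <c>true</c> when the session role exactly matches an entry in <c>Roles</c>;
    /// otherwise the result of <c>base.AuthorizeCore</c>.
    /// </returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new System.ArgumentNullException("httpContext");
        }

        // The role is read from server-side session state instead of a request cookie:
        // cookie values are chosen by the client and cannot be trusted for an
        // authorization decision. The key "role" is carried over from the original
        // cookie lookup; the login action must store the verified role under it
        // (or replace this lookup with httpContext.User.IsInRole if the application
        // populates the principal).
        string currentRole = null;
        if (httpContext.Session != null)
        {
            currentRole = httpContext.Session["role"] as string;
        }

        if (!string.IsNullOrEmpty(currentRole) && !string.IsNullOrEmpty(Roles))
        {
            // Compare whole role names. A substring test such as Roles.Contains(role)
            // would also accept an empty value or any fragment of a configured name.
            foreach (string allowedRole in Roles.Split(','))
            {
                if (string.Equals(allowedRole.Trim(), currentRole.Trim(), System.StringComparison.Ordinal))
                {
                    return true;
                }
            }
        }

        // No session role, or no match: fall back to the framework's own check.
        return base.AuthorizeCore(httpContext);
    }
}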
然後 controller 引用過濾器
/// <summary>
/// Demo action guarded by the custom authorization filter, configured with the
/// "Admin" role.
/// </summary>
/// <returns>A content result with a message confirming that the filter let the request through.</returns>
[MyAuthorize(Roles = "Admin")]
public ActionResult Index()
{
    ActionResult passed = Content("過濾器通過了");
    return passed;
}
接下來再做一個授權不通過跳轉到登入介面的:
先重寫HandleUnauthorizedRequest
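/// <summary>
/// Sends a request that failed authorization to the login page.
/// </summary>
/// <param name="filterContext">The authorization context of the rejected request.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new System.ArgumentNullException("filterContext");
    }

    // Assign a result instead of calling Response.Redirect directly: MVC skips the
    // protected action only when the authorization filter sets filterContext.Result,
    // so this does not depend on the response being ended to keep the action from running.
    filterContext.Result = new RedirectResult("/Home/Login");
}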
/// <summary>
/// Placeholder login action; the path "/Home/Login" used for rejected requests points here.
/// </summary>
/// <returns>A content result carrying the placeholder login-page text.</returns>
public ActionResult login()
{
    ActionResult loginPage = Content("這是登入介面");
    return loginPage;
}