2

我做了一个AuthorizeAttributeBaseto extend AuthorizeAttribute。它看起来像这样:

public abstract class MyAuthorizeAttribute : AuthorizeAttribute
{
//Holds the roles allowed to perform the action.
public IEnumerable<string> roles { get; set; }

/// <summary>
/// Authorizes if the current user may perform the action
/// </summary>
/// <param name="httpContext">Unused - included for override purposes.</param>
/// <returns>true if authorized.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    //Return true if user is in the action allowed roles.
    if (IsUserInRole)
    {
        return true;
    }
    else
    {
        HttpContext.Current.Response.StatusCode = 401;
        return false;
    }
}

/// <summary>
/// Checks if the user is member of a role that is allowed by the authorization
/// </summary>
public bool IsUserInRole
{
    get
    {
        if (roles != null)
        {
            //Check if any of the roles in the session is in the list of roles of the authorization
            return (MySessionGetter.GetSession().Roles.Intersect<string>(roles).Any());
        }
        //If none of the roles match return false.
        return false;
    }
}

/// <summary>
/// Sets the allowed roles of the authorization
/// </summary>
/// <param name="userRoles">Allowed roles</param>
public void AlowedRoles(IEnumerable<string> userRoles)
{
    roles = userRoles;
}

我保留允许的角色名,如下所示:

/// <summary>
/// Holds the role names.
/// </summary>
public static class UserRoles
{
    public static string Administrators = "Administrators";
    public static string Teachers= "Teachers";
}

并像这样使用我的基地:

/// <summary>
/// Authorization for the access to the SomeAction 
/// </summary>
public class AuthorizeAccessToSomeActionAttribute : MyAuthorizeAttribute
{
    public AuthorizeAccessToSomeActionAttribute()
    {
        AlowedRoles(new List<string> {  UserRoles.Adminstrators, 
                                            UserRoles.Teachers });
    }
}

最后但并非最不重要的控制器:

    /// <summary>
    /// The main Index view of application
    /// </summary>
    /// <returns>Application Index views</returns>
    [AuthorizeAccessToSomeAction]
    public ActionResult Index()
    {
            return View("Index");
    }

现在我想做的是在AuthorizeAttributes 的基础上使索引开关返回值。让我们说教师对TeachersIndex()和管理员对AdministratorsIndex().

我尝试将其添加到基础:

//Checks if the current user is authorized. 
public bool IsAuthorized()
{
    return AuthorizeCore(new HttpContextWrapper());
}

但我最终不得不AutorizeAttribute每次都创建新的。让它static似乎给我带来了更多的问题。

有没有正确的方法来解决这个问题?

解决了。:)OnAuthorization覆盖让我有了新的线索。发现了这个问题

我将重定向放在 a 中,Dictionary<string, RedirectToRouteResult>因为我喜欢将所有角色字符串保存在一个地方而不是用魔术字符串填充我的控制器的想法。

public static Dictionary<string, RedirectToRouteResult>     HomeRedirect
    {
        get
        {
            return new Dictionary<string, RedirectToRouteResult> {
                {"Administrators", new RedirectToRouteResult(
                    new RouteValueDictionary { { "action", "AdministratorIndex" }, { "controller", "MyController" }})},
                {"Teacher", new RedirectToRouteResult(
                    new RouteValueDictionary { { "action", "TeacherIndex" }, { "controller", "MyController" }})}
};

现在override HandleUnauthorizedRequest看起来像这样:

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
        filterContext.Result = UserRoles.HomeRedirect
            .SingleOrDefault(m => m.Key == MySessionGetter.GetSession().Roles.First()).Value;
    }
4

1 回答 1

2

看看 RedirectToRouteResult 和 RedirectResult。这将是一个好的开始:

// Redirects users of given role to given action
public class AuthorizeAccessToSomeActionAttribute : MyAuthorizeAttribute
{
    public string Role { get; set; }
    public string RedirectToAction { get; set; }

    public AuthorizeAccessToSomeActionAttribute(string role, string action)
    {
        Role = role;
        RedirectToAction = action;
    }
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
       // Test if current user is in the role
       if (filterContext.HttpContext.User.IsInRole(Role))
       {
            // Get current routevalues
            var rvals = filterContext.RouteData.Values;
            // Change action
            rvals["action"] = RedirectToAction;
            filterContext.Result = new RedirectToRouteResult("Default",rvals);
       }
    }
}

用法:

    // Redirect role to given action
    [AuthorizeAccessToSomeActionAttribute("Teacher", "TeacherIndex" )]
    [AuthorizeAccessToSomeActionAttribute("Admin", "AdminIndex" )]
    public ActionResult Index()
    ...
    public ActionResult TeacherIndex()
    ...
    public ActionResult AdminIndex()
于 2013-05-31T08:38:30.837 回答