我想检查当前用户是否有权执行此操作的方法的授权。
这是我拥有的属性的示例:
[AttributeUsageAttribute(AttributeTargets.Method)]
public class IsAuthorized : Attribute
{
public IsAuthorized(Rights right)
{
bool isAuthorized = false;
if (right == Rights.None)
isAuthorized = true;
else
{
DataAccessLayer.IDAL dal = new DataAccessLayer.DAL();
string userName = Thread.CurrentPrincipal.Identity.Name;
Guid userID = dal.GetUserIDFromUserName(userName);
isAuthorized = dal.HasRight(userID, right.ToString());
}
if (!isAuthorized)
throw new SecurityException("You don't have the rights to perform this action");
}
}
这就是我如何检查用户是否有权访问该方法的方式:
[IsAuthorized(Rights.CreateUserGroup)]
public string Ping()
{
return "The service is online";
}