最普遍的情况:等级不一样等级的人,他们对一个方法(Action)的权限不一样.
说明:有的等级能访问该方法,有的等级不能访问,有的等级只能部分访问:此处不考虑因为设计耦合度高).
针对于这种情况,人分等级(不一样的角色).
最后我们根据权限树(不一定是xml)来决定该方法是否属于某一等级
<?xml version="1.0" encoding="utf-8" ?>
<Roles>
<Controller name="Home">
<Action name="Index"></Action>
<Action name="About">Manager,Admin</Action>
<Action name="Contact">Admin</Action>
</Controller>
</Roles>
<Roles>
<Controller name="Home">
<Action name="Index"></Action>
<Action name="About">Manager,Admin</Action>
<Action name="Contact">Admin</Action>
</Controller>
</Roles>
一个用户在登录时,我们决定在系统中设置其权限角色(数据存放在数据库中的,此刻只是载入),在权限验证的过程中,审核该用户在此方法有指定的角色.
很多东西没有完美,只有如何更好的解决问题.
单一职责原则很重要,但需要更完善的设计来维护复杂不单一的需求.
总结:一个人会有多个角色;
一个角色支配着很多方法.给一个具体角色指定它的方法集合最便捷;
方法本身验证来者的角色;
思路:
登陆时设置该用户角色:
System.Web.Security.FormsAuthentication.SetAuthCookie("Admin,Manager",true);
角色验证时:
if (Roles.Contains(httpContext.User.Identity.Name))//仅仅思路,代码不准确,只是表达意思
GlobalFilters.Filters.Add(...);
参考代码.
View Code 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Xml.Linq;
using Moon.Orm;
using mynorthdb;
namespace Razor.Moon
{
/// <summary>
/// Description of CheckLoginAttribute.
/// </summary>
public class CustemerAuthenAttribute:AuthorizeAttribute
{
public new string[] Roles { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null) {
throw new ArgumentNullException("HttpContext");
}
if (!httpContext.User.Identity.IsAuthenticated) {
return false;
}
if (Roles == null) {
return true;
}
if (Roles.Length == 0)
{
return true;
}
if (Roles.Contains(httpContext.User.Identity.Name))
{
return true;
}
return false;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
//处理非授权请求
filterContext.Result = new RedirectResult("/");
}
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
string actionName = filterContext.ActionDescriptor.ActionName;
string roles = GetRoles.GetActionRoles(actionName, controllerName);
if (!string.IsNullOrWhiteSpace(roles)) {
this.Roles = roles.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
}
base.OnAuthorization(filterContext);
}
}
}
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Xml.Linq;
using Moon.Orm;
using mynorthdb;
namespace Razor.Moon
{
/// <summary>
/// Description of CheckLoginAttribute.
/// </summary>
public class CustemerAuthenAttribute:AuthorizeAttribute
{
public new string[] Roles { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null) {
throw new ArgumentNullException("HttpContext");
}
if (!httpContext.User.Identity.IsAuthenticated) {
return false;
}
if (Roles == null) {
return true;
}
if (Roles.Length == 0)
{
return true;
}
if (Roles.Contains(httpContext.User.Identity.Name))
{
return true;
}
return false;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
//处理非授权请求
filterContext.Result = new RedirectResult("/");
}
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
string actionName = filterContext.ActionDescriptor.ActionName;
string roles = GetRoles.GetActionRoles(actionName, controllerName);
if (!string.IsNullOrWhiteSpace(roles)) {
this.Roles = roles.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
}
base.OnAuthorization(filterContext);
}
}
}