References: http://bbs.csdn.net/topics/370002739
http://blog.csdn.net/chenloveyue/article/details/7095522
http://zhidao.baidu.com/link?url=PJc1jFn52apSxE6QqCZwcq92z7XFpXH91Ud5U0ZuNKR3YO1djilKx3UM-tX1wcwk4oNYOhMGhX6B2YRABOlqMK (how to stop the ActionResult from continuing to execute)
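Requirement: apply permission control to every action. For example, when a user accesses the GetList Action of UserController, first check whether that user has permission.
Questions:
- How to avoid writing the permission check in every Action (protected override void OnAuthorization(AuthorizationContext filterContext))
- How the Controller gets the current user (session)
- How the Controller finds out which Controller and Action the user is accessing (filterContext.HttpContext.Request.Path)
First create a class MyPower and override OnAuthorization.
Code: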
```csharp
using System;
using System.Web.Mvc;

namespace MvcStudyStep.Controllers
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
    public class MyPower : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // A missing session value is treated as "no permission" instead of throwing.
            string userName = Convert.ToString(filterContext.HttpContext.Session["UserName"]);
            string path = filterContext.HttpContext.Request.Path.Trim();

            if (string.IsNullOrEmpty(userName) || !new PowerData().CheckUserPower(userName, path))
            {
                // Setting Result stops the action from executing.
                filterContext.Result = new ContentResult { Content = "没有权限" };

                // Hand the message to the generic message page through Session.
                MyMessage message = new MyMessage();
                message.MyTitle = "没有权限";
                message.MyDesc = userName + ":" + path;
                filterContext.HttpContext.Session["MessageObject"] = message;
                filterContext.HttpContext.Response.Redirect("/Message/detail");
            }
            else
            {
                base.OnAuthorization(filterContext);
            }
        }
    }
}
```
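The filterContext.Result assignment is required; otherwise the ActionResult that follows still executes.
For example: when you delete a record, the system reports that you have no permission, but the delete operation is still carried out.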
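Issues:
1: The ActionResult still executing (solved)
2: Defining a generic message page (one that accepts a message object and displays it on the page). I originally wanted to build the message object in OnAuthorization and pass it straight to the View, but I don't know how to write that, so I pass it through Session, which doesn't feel quite right.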
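
One way to hand the message object straight to the view from OnAuthorization, as an added example that is not part of the original post. The class name MyPowerView, the view path ~/Views/Message/Detail.cshtml, and the "/Controller/Action" permission key are assumptions; PowerData and MyMessage are the post's own classes and are used as shown above.

```csharp
using System;
using System.Web.Mvc;

namespace MvcStudyStep.Controllers
{
    // Added example. MyPowerView is a hypothetical name; the permission key
    // format and the view path below are assumptions, not the post's code.
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
    public class MyPowerView : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null) throw new ArgumentNullException("filterContext");

            // Use the resolved route target rather than the raw URL, so the check
            // does not depend on casing or extra segments in Request.Path.
            string target = "/" + filterContext.ActionDescriptor.ControllerDescriptor.ControllerName
                          + "/" + filterContext.ActionDescriptor.ActionName;

            var session = filterContext.HttpContext.Session;
            string userName = session == null ? null : session["UserName"] as string;

            // Fail closed: no user in the session means no permission.
            bool allowed = !string.IsNullOrEmpty(userName)
                           && new PowerData().CheckUserPower(userName, target);
            if (allowed)
            {
                base.OnAuthorization(filterContext);
                return;
            }

            var message = new MyMessage
            {
                MyTitle = "No permission",
                MyDesc = (userName ?? "(anonymous)") + ":" + target
            };

            // Setting Result short-circuits the pipeline: the action never runs,
            // and the view receives the message as its model without Session.
            filterContext.Result = new ViewResult
            {
                ViewName = "~/Views/Message/Detail.cshtml",
                ViewData = new ViewDataDictionary(message)
            };
        }
    }
}
```

The view declares `@model MyMessage` and renders `@Model.MyTitle` and `@Model.MyDesc`; no redirect or Session entry is involved.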