在ASP.NET MVC中使用filter做权限

ASP.NET MVC中有一个基础的过滤器基类：FilterAttribute
和几个接口：
IActionFilter
IAuthorizationFilter
IExceptionFilter
IResultFilter

实现IAuthorizationFilter可以做权限限制：


public class AuthorAttribute : FilterAttribute,IAuthorizationFilter
    {
        #region IAuthorizationFilter 成员

        public void OnAuthorization(AuthorizationContext filterContext)
        {
            string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower();
            string action = filterContext.ActionDescriptor.ActionName.ToLower();

            ModelEntites me = new ModelEntites();

            AuthorInfo author = me.AuthorInfo.First(a => a.Controller == controller && a.Action == action);
            UserInfo userInfo = me.UserInfo.FirstOrDefault(u => u.UserID == 1);
            if (userInfo == null)
            {
                Do(filterContext);
                return;
            }

            userInfo.RoleInfoReference.Load();
            RoleAuthorInfo raInfo = me.RoleAuthorInfo.First(ra => ra.AuthorInfo.AuthorID == author.AuthorID && ra.RoleInfo.RoleID == userInfo.RoleInfo.RoleID);
            if(raInfo == null)
            {
                Do(filterContext);
            }
        }


        private void Do(AuthorizationContext filterContext)
        {
            string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower();
            string action = filterContext.ActionDescriptor.ActionName.ToLower();

            filterContext.Controller.TempData["msg"] = "木有权限";
            filterContext.Controller.TempData["url"] = "";
            filterContext.Controller.TempData["from_controller"] = controller;
            filterContext.Controller.TempData["from_action"] = action;

            filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.ApplicationPath + string.Format("Home/Index/"));
        }

        #endregion
    }


在要限制的Controller上加声明即可：
[AuthorAttribute]
    public class HelloController : Controller

访问该controller中的action，会被限制，也可以加到action前面。

public class AuthorAttribute : FilterAttribute,IAuthorizationFilter { #region IAuthorizationFilter 成员 public void OnAuthorization(AuthorizationContext filterContext) { string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower(); string action = filterContext.ActionDescriptor.ActionName.ToLower(); ModelEntites me = new ModelEntites(); AuthorInfo author = me.AuthorInfo.First(a => a.Controller == controller && a.Action == action); UserInfo userInfo = me.UserInfo.FirstOrDefault(u => u.UserID == 1); if (userInfo == null) { Do(filterContext); return; } userInfo.RoleInfoReference.Load(); RoleAuthorInfo raInfo = me.RoleAuthorInfo.First(ra => ra.AuthorInfo.AuthorID == author.AuthorID && ra.RoleInfo.RoleID == userInfo.RoleInfo.RoleID); if(raInfo == null) { Do(filterContext); } } private void Do(AuthorizationContext filterContext) { string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower(); string action = filterContext.ActionDescriptor.ActionName.ToLower(); filterContext.Controller.TempData["msg"] = "木有权限"; filterContext.Controller.TempData["url"] = ""; filterContext.Controller.TempData["from_controller"] = controller; filterContext.Controller.TempData["from_action"] = action; filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.ApplicationPath + string.Format("Home/Index/")); } #endregion } 在要限制的Controller上加声明即可： [AuthorAttribute] public class HelloController : Controller 访问该controller中的action，会被限制，也可以加到action前面。

夜的第七章

ASP.NET、C#、.NET开发资源、Javascript等等为主的开发备注收藏注意警告等的一个个人博客。

导航

2010-1-25 15:24:48

Tags: asp.net mvc filter

发布:roydux | 分类:.NET | 评论:1 | 引用:0 | 浏览:

Powered By Z-Blog 1.8 Arwen Build 81206

©2007 - 2010 www.leadnt.com 保留一些权利吧

夜的第七章

ASP.NET、C#、.NET开发资源、Javascript等等为主的开发备注收藏注意警告等的一个个人博客。

导航

2010-1-25 15:24:48