【发布时间】:2014-01-04 19:50:46
【问题描述】:
我正在开发一个 asp.net mvc4 Web 应用程序,并且我有以下操作过滤器类,它实现了自定义授权:-
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class CheckUserPermissionsAttribute : ActionFilterAttribute
{
public string Model { get; set; }
public string Action { get; set; }
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
// var user = User.Identity.Name; // or get from DB
int value = 0;
Repository repository = new Repository();
if (!repository.can(ADusername,Model,value )) // implement this method based on your tables and logic
{if (filterContext.HttpContext.Request.IsAjaxRequest())
{
var viewResult = new JsonResult();
viewResult.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
viewResult.Data = (new { IsSuccess = "Unauthorized", description = "Sorry, you do not have the required permission to perform this action." });
filterContext.Result = viewResult;
}
else
{
var viewResult = new ViewResult();
viewResult.ViewName = "~/Views/Errors/_Unauthorized.cshtml";
filterContext.Result = viewResult;
}
}
base.OnActionExecuting(filterContext);
}
}
}
我在调用动作方法之前使用actino过滤器,如下所示:-
[CheckUserPermissions(Action = "Edit", Model = "Router")]
public ActionResult Create(int? rackid)
{
但我需要更改操作过滤器类,使其成为由 AuthorizeAttribute 驱动的类,所以任何人都可以建议这样做需要哪些步骤吗?
编辑
我修改了我的操作过滤器类以使用 AuthorizeAttribute 如下,但我之前的缓存问题仍然存在。就好像授权用户访问操作方法一样,如果未经授权的用户访问相同的操作方法,他将能够读取他没有权限的缓存数据....这就是我想改变我的原因动作过滤器成为授权属性。我当前的授权属性是:-
public class CheckUserPermissionsAttribute : AuthorizeAttribute
{
public string Model { get; set; }
public string Action { get; set; }
public override void OnAuthorization(AuthorizationContext filterContext)
{
// code goes here
if (!repository.can(ADusername,Model,value )) // implement this method based on your tables and logic
{
// filterContext.Result = new HttpUnauthorizedResult("You cannot access this page");
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
var viewResult = new JsonResult();
viewResult.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
viewResult.Data = (new { IsSuccess = "Unauthorized", description = "Sorry, you do not have the required permission to perform this action." });
filterContext.Result = viewResult;
// filterContext.HttpContext.Response.StatusCode = 400;
//filterContext.Result = new HttpUnauthorizedResult("You cannot access this page");
}
else
{
var viewResult = new ViewResult();
viewResult.ViewName = "~/Views/Errors/_Unauthorized.cshtml";
filterContext.Result = viewResult;
}
}
base.OnAuthorization(filterContext);
}
}
}
那么我目前的方法是否有效?请记住我正在根据请求类型返回未经授权的视图或 JSON,而不是返回 401 http 响应?
谢谢
【问题讨论】:
标签: c# asp.net asp.net-mvc asp.net-mvc-4