首先创建一个过滤器 MyAuthorizeAttribute 继承AuthorizeAttribute,并重写 AuthorizeCore
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
string currentRole = httpContext.Request.Cookies["role"].Value;
//从Session中获取User对象,然后得到其角色信息。如果用户重写了Identity, 则可以在httpContext.Current.User.Identity中获取
if (Roles.Contains(currentRole))
return true;
return base.AuthorizeCore(httpContext);
}
}
然后controler 引用过滤器
[MyAuthorize(Roles = "Admin")]
public ActionResult Index()
{
return Content("过滤器通过了");
}
接下来再做一个授权不通过跳转到登录界面的:
先重写HandleUnauthorizedRequest
/// <summary>
/// 重写过滤不过跳转登录界面
/// </summary>
/// <param name="filterContext"></param>
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.HttpContext.Response.Redirect("/Home/Login");
//base.HandleUnauthorizedRequest(filterContext);
}
public ActionResult login()
{
return Content("这是登录界面");
}