MVC中经常会用到关于设置访问权限的问题:
如果我们扩展了AuthorizeAttribute,那么我们只需要在类或方法前加上此attribute,即可实现权限问题。
AttributeTargets 权限适用于类或者方法
[AttributeUsage(AttributeTargets.Class|AttributeTargets.Method,Inherited=true,AllowMultiple=true)]
public sealed class SecurityAuthorizationAttribute :AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
{
throw new ArgumentException("httpContext");
}
bool result = true;
// 权限设置
return result;
}
//return true 是不会触发 handleUnauthorizedRequest.
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
//base.HandleUnauthorizedRequest(filterContext);
filterContext.Result = new ViewResult
{
ViewName = "~/Views/Shared/Error.cshtml",
ViewData = new ViewDataDictionary() { { "ErrorMessage", Constants.IsAccessDenied } }
};
}
}
//没有权限时候跳转到的error页面。
