public class AuthorizationFilterAttribute : AuthorizeAttribute
{
Dictionary<string, string> roles = new Dictionary<string, string>() {
{"1","/Home/Index"},
{"2",""},
};
/// <summary>
/// 自定义验证逻辑 返回false时 才会执行HandleUnauthorizedRequest
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var id = Convert.ToString(httpContext.Request.QueryString["id"]);
if (id == null || !roles.ContainsKey(id))
return false;
string controller = Convert.ToString(httpContext.Request.RequestContext.RouteData.Values["controller"]);
string action = Convert.ToString(httpContext.Request.RequestContext.RouteData.Values["action"]);
return string.Compare(roles[id], string.Format("/{0}/{1}", controller, action), true) == 0;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
UrlHelper url = new UrlHelper(filterContext.HttpContext.Request.RequestContext);
filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
filterContext.Result = new RedirectResult(url.Action("login", "home"));
}
}
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new AuthorizationFilterAttribute());
filters.Add(new HandleErrorAttribute());
}
filterContext.Result只要不为空Action就会终止。直接响应请求。
