C# 过滤器 验证页面权限

 

在开发系统时,通常需要控制页面权限:某个角色下的用户到底能不能看到某个页面,如果没有该页面的权限就无法访问。使用下面这个验证页面权限的过滤器,就可以很好地解决这个问题。

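    /// <summary>
    /// Authorization filter that verifies the current user's permission for the requested page.
    /// 2019-10-25 21:04:45  Dennyhui
    /// </summary>
    /// <remarks>
    /// The filter fails closed: a missing user, a failed lookup or any exception raised while
    /// checking produces a redirect instead of letting the request through.
    /// This override does not call <c>base.OnAuthorization</c>, so the standard
    /// <c>AuthorizeAttribute</c> checks (Users/Roles, and presumably [AllowAnonymous]) are not
    /// evaluated here; only the page-permission lookup below decides access.
    /// NOTE(review): the redirect targets (/Home/Error, /Home/Expired) must not themselves be
    /// protected by this filter, otherwise a denied request would loop - confirm in the controllers.
    /// </remarks>
    public class AccountAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Checks the optional expiry lock and the user's page permission for the current request.
        /// </summary>
        /// <param name="authorizationContext">Context of the request being authorized.</param>
        /// <exception cref="ArgumentNullException"><paramref name="authorizationContext"/> is null.</exception>
        public override void OnAuthorization(AuthorizationContext authorizationContext)
        {
            if (authorizationContext == null)
            {
                throw new ArgumentNullException("authorizationContext");
            }

            // Use the request carried by the filter context; strip the locale prefix so the
            // path matches the stored menu URLs.
            string url = authorizationContext.HttpContext.Request.Url.LocalPath
                .Replace("/en-US", "")
                .Replace("/zh-CN", "");

            // The site root and /Home/Default are checked as the home page.
            // Prefix match, not Contains: a path that merely embeds "/home/default" further down
            // must not be checked as a different page. Assumes the application is hosted at the
            // site root, as the "/" mapping already does.
            if (url.Equals("/") || url.StartsWith("/home/default", StringComparison.OrdinalIgnoreCase))
            {
                url = "/Home/Index";
            }

            // The login page is the only path exempt from the check. Prefix match for the same
            // reason as above: a substring match would exempt any path containing "/Home/Login".
            if (url.StartsWith("/Home/Login", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            try
            {
                // Expiry lock switch from configuration (may be configured as false).
                bool startTimeLock = bool.Parse(ConfigHelper.GetConfigStr("StartTimeLock"));
                if (startTimeLock && IsExpired())
                {
                    authorizationContext.Result = RedirectLogin("/Home/Expired");
                    return;
                }

                ActionResult denied = CheckPagePermission(url);
                if (denied != null)
                {
                    authorizationContext.Result = denied;
                }
            }
            catch (Exception ex)
            {
                ILog log = LogManager.GetLogger(typeof(AccountAuthorizeAttribute).Name);
                log.Error("方法:OnAuthorization()报错,错误内容" + ex);

                // Deny on failure. Logging alone would leave Result unset and the request
                // would be treated as authorized.
                authorizationContext.Result = RedirectLogin("/Home/Error");
            }
        }

        /// <summary>
        /// Decrypts the configured expiry date and reports whether it has been reached.
        /// </summary>
        /// <returns>True when the current local time is at or past the configured expiry date.</returns>
        private static bool IsExpired()
        {
            // Encrypted expiry date from the configuration file.
            string encrypted = ConfigHelper.GetConfigStr("ExpiredTimeEncryptStr").Trim();
            string expireDate = EncryptAndDecrypt.Decrypt(encrypted);

            // NOTE(review): parsing depends on the current culture and on the stored date
            // format - confirm the format written to configuration.
            DateTime expiredTime = Convert.ToDateTime(expireDate + "  00:00:00");
            return DateTime.Now >= expiredTime;
        }

        /// <summary>
        /// Looks up the current valid user and checks whether that user may open <paramref name="url"/>.
        /// </summary>
        /// <param name="url">Normalized local path of the requested page.</param>
        /// <returns>Null when access is allowed; otherwise the redirect result to apply.</returns>
        private ActionResult CheckPagePermission(string url)
        {
            string nowUser = CurrentUser.UserAccount;
            string userId = null;

            // One context per request: attribute instances can be reused across requests, so a
            // context held in a field would be shared between threads and never disposed.
            // NOTE(review): assumes BIDBEntities is an Entity Framework context (IDisposable) - confirm.
            using (BIDBEntities db = new BIDBEntities())
            {
                var user = db.UserInfo
                    .Where(u => u.UserAccount == nowUser && u.Validity == "1")
                    .FirstOrDefault();
                if (user != null)
                {
                    userId = user.ID;
                }
            }

            // No valid user record (not logged in, unknown or disabled account): log in again.
            if (string.IsNullOrEmpty(userId))
            {
                return RedirectLogin("/Home/Login");
            }

            // Ask the role manager whether this user has the page in their menu permissions;
            // without it, send the user to the custom error page.
            RoleManage roleManage = new RoleManage();
            return roleManage.GetUserNavigationType(userId, url)
                ? null
                : RedirectLogin("/Home/Error");
        }

        /// <summary>
        /// Builds a result that navigates the browser to <paramref name="url"/> with a script redirect.
        /// </summary>
        /// <param name="url">Target URL; encoded before being placed inside the script string.</param>
        /// <returns>A content result holding the redirect script.</returns>
        public ActionResult RedirectLogin(string url)
        {
            // Encode the value so a quote or "</script>" in the URL cannot break out of the
            // string literal; plain paths such as "/Home/Error" are emitted unchanged.
            string safeUrl = System.Web.HttpUtility.JavaScriptStringEncode(url);

            ContentResult cr = new ContentResult();
            cr.Content = "<script>window.location.href='" + safeUrl + "'</script>";
            return cr;
        }
    }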

 
