Asp.net MVC 權限驗證，以及是否容許匿名訪問

時間 2019-11-09

標籤 asp.net asp mvc 權限驗證以及是否容許匿名訪問欄目 ASP 简体版

原文原文鏈接

public class CheckUserAttribute : ActionFilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext context)
        {
            if (this.IsAnonymousAction(context)) //是否容許匿名用戶訪問 [AllowAnonymous]
            {
                return;
            }

            if (context.HttpContext.Session["currentUserId"] == null)
            {
                    context.Result = new RedirectToRouteResult(
                    new RouteValueDictionary{
                        { "controller", "Error"},
                        { "action", "NotAuthorized"}
                    });
            }
        }

        #region private method

        private bool IsAnonymousAction(AuthorizationContext filterContext)
        {
            return filterContext.ActionDescriptor
                                 .GetCustomAttributes(inherit: true)
                                 .OfType<AllowAnonymousAttribute>()
                                 .Any();
        }

        #endregion

    }

相關標籤/搜索