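/// <summary>
/// Authorization filter that only lets a request through when the session
/// holds a "currentUserId" entry, unless the target action is marked with
/// <see cref="AllowAnonymousAttribute"/>. Requests that fail the check are
/// redirected to Error/NotAuthorized.
/// </summary>
/// <remarks>
/// This is a presence check only: any non-null value under the session key
/// passes, and no role or permission is evaluated here.
/// NOTE(review): unlike the framework's AuthorizeAttribute, this filter
/// registers no output-cache validation callback. If guarded actions use
/// [OutputCache], confirm cached responses cannot be served without this check.
/// </remarks>
public class CheckUserAttribute : ActionFilterAttribute, IAuthorizationFilter
{
    // Session key whose presence marks the request as coming from a signed-in user.
    private const string CurrentUserSessionKey = "currentUserId";

    /// <summary>
    /// Runs the session check for the current request and sets a redirect
    /// result when no signed-in user is found.
    /// </summary>
    /// <param name="context">Authorization context supplied by the MVC pipeline.</param>
    /// <exception cref="System.ArgumentNullException">
    /// <paramref name="context"/> is null.
    /// </exception>
    public void OnAuthorization(AuthorizationContext context)
    {
        if (context == null)
        {
            throw new System.ArgumentNullException("context");
        }

        // Actions explicitly marked [AllowAnonymous] are open to anonymous users.
        if (this.IsAnonymousAction(context))
        {
            return;
        }

        // Session can be null (for example when session state is disabled for
        // the controller). Treat that as "not signed in" so the filter fails
        // closed with the redirect instead of throwing a NullReferenceException.
        var session = context.HttpContext.Session;
        bool isSignedIn = session != null && session[CurrentUserSessionKey] != null;

        if (!isSignedIn)
        {
            context.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "controller", "Error" },
                    { "action", "NotAuthorized" }
                });
        }
    }

    #region private method

    /// <summary>
    /// Returns true when the action being invoked carries
    /// <see cref="AllowAnonymousAttribute"/> (inherited attributes included).
    /// </summary>
    /// <remarks>
    /// Only the action descriptor is inspected, so [AllowAnonymous] placed on
    /// the controller class is not honoured and such actions still require a
    /// session. NOTE(review): confirm that is intended before widening it.
    /// </remarks>
    private bool IsAnonymousAction(AuthorizationContext filterContext)
    {
        return filterContext.ActionDescriptor
            .GetCustomAttributes(inherit: true)
            .OfType<AllowAnonymousAttribute>()
            .Any();
    }

    #endregion
}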