ASP.Net Identity 2-为什么我的过滤器不起作用？

Question

I've tried creating an easy filter to see if the user is in a role called "System Administrator", basically short hand for having to do [Authorize(Roles = "System Administrator")] . 我尝试创建一个简单的过滤器，以查看用户是否处于名为“系统管理员”的角色，这基本上是必须要做的[Authorize(Roles = "System Administrator")]简写形式。 I thought it would be fairly simple, but I'm also fairly new to MVC so perhaps I'm overlooking something. 我以为这很简单，但是我对MVC还是很陌生，所以也许我忽略了一些东西。

Here's my code: 这是我的代码：

using System.Web.Mvc;

namespace site_redesign_web.Filters
{
    public class SystemAdminFilter : ActionFilterAttribute
    {
        string SysAdminRole = "System Administrator";

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext.RequestContext.HttpContext.User != null)
            {
                var userSysAdmin = filterContext.RequestContext.HttpContext.User.IsInRole(SysAdminRole) == true;
                filterContext.ActionParameters["IsSysAdmin"] = userSysAdmin;
            }
        }
    }
}

Can some one suggest where am I going wrong? 有人可以建议我要去哪里吗？ A huge plus would be if the person isn't a System Administrator it would direct them to Home/NoPermissions . 如果该人不是系统管理员，那么它将带他们到Home/NoPermissions这是一个巨大的优势。

Thank you! 谢谢！

Answer 1

Since you are dealing with authorization, I would extend AuthorizeAttribute instead of ActionFilterAttribute which is mode general. 由于您正在处理授权，因此我将扩展AuthorizeAttribute而不是一般模式的ActionFilterAttribute 。 You need to override only one method - HandleUnauthorizedRequest which is executed when authorization fails. 您只需要覆盖一种方法HandleUnauthorizedRequest ，当授权失败时将执行该方法。 Default implementation of AuthorizeAttribute already handles role based authorization for you. AuthorizeAttribute的默认实现已经为您处理了基于角色的授权。

public class SystemAdminAttribute : AuthorizeAttribute
{
    private const string SysAdminRole = "System Administrator";

    public SystemAdminFilter()
    {   
        //this defines the role that will be used to authorize the user:
        this.Roles = SysAdminRole;
    }  

    //if user is not authorized redirect to "Home/NoPermissions" page
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if(!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
        else
        {
            filterContext.Result = new RedirectToRouteResult(new
               RouteValueDictionary(new { controller = "Home", action = "NoPermissions" }));
         }
     }           
}

Once your attribute is implemented, decorate corresponding Controllers or Actions with it: 实现属性后，用它装饰相应的Controllers或Actions：

[SystemAdmin]
public SysAdminController : Controller
{
}

Answer 2

Updated: Fixing all issues. 更新：解决所有问题。 AJ. AJ。 Here you go... Finally fixed the problem 好了...终于解决了问题

using ActionFilterAttribute 
using System.Web.Mvc;
namespace site_redesign_web.Filters
{
    public class SystemAdminFilter : ActionFilterAttribute
    {
        string SysAdminRole = "System Administrator";
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext.RequestContext.HttpContext.User != null)
            {
                var userSysAdmin = filterContext.RequestContext.HttpContext.User.IsInRole(SysAdminRole) == true;

            if(!userSysAdmin)
            {
                filterContext.Result = new RedirectToRouteResult(
                    new System.Web.Routing.RouteValueDictionary{
                    {"controller", "Home"},     
                    {"action", "Index"}
                });
            }
            }
        }
    }
}

and your Controller should be 并且您的控制器应为

[SystemAdminFilter]     // at controller level
public SomeController : Controller
{

}

or you can also use it for a particular Action by annotating like this 或者您也可以通过这样的注释将其用于特定的操作

public SomeController : Controller
{
    [SystemAdminFilter]     // at Action level
    public ActionResult SomeAction()
    {
            // perform your actions
    }

It will work because I manually passed in the User with his role in the Application_AuthorizeRequest in Global.asax 之所以可以使用，是因为我在Global.asax的Application_AuthorizeRequest中手动传递了他的用户角色

protected void Application_AuthorizeRequest(Object sender, EventArgs e)
{
     FormsAuthenticationTicket formsAuthenticationTicket = new FormsAuthenticationTicket("Aravind", true, 30);
     FormsIdentity formsIdentityId = new FormsIdentity(formsAuthenticationTicket);
     GenericPrincipal genericPrincipal = new GenericPrincipal(formsIdentityId, new string[] { "SystemUser" }); //TEST with this redirected to Home Index place
     HttpContext.Current.User = genericPrincipal ;
}

The next test I made was with this 我的下一个测试是与此

GenericPrincipal genericPrincipal = new GenericPrincipal(formsIdentityId, new string[] { "System Administrator" }); //TEST with this did not perform an action

ASP.Net Identity 2-为什么我的过滤器不起作用？

问题描述

2 个解决方案

解决方案1
1 2016-10-02 06:42:24

解决方案2
1 已采纳 2016-10-02 11:14:34

ASP.Net Identity 2-为什么我的过滤器不起作用？

问题描述

2 个解决方案

解决方案1 1 2016-10-02 06:42:24

解决方案2 1 已采纳 2016-10-02 11:14:34

解决方案1
1 2016-10-02 06:42:24

解决方案2
1 已采纳 2016-10-02 11:14:34