
Creating a custom Authorize attribute with specific rules

I'm trying to create a custom Authorize attribute to do the following:

  1. If the user has a role of "Regular user" - he is redirected to /index/subscribe
  2. All other users (Administrator, Subscriber) get access to /Search/Index

This is when the user tries to open up the Search controller. I made the custom Authorize attribute like this:

public class DenyRegularUser : System.Web.Mvc.AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // The base check runs first: any Roles set on the attribute are enforced here, and a
        // user outside those roles already has filterContext.Result set to HttpUnauthorizedResult (401).
        base.OnAuthorization(filterContext);

        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult("~/User/Logon");
            return;
        }

        if (filterContext.HttpContext.User.IsInRole("Regular user"))
        {
            filterContext.Result = new RedirectResult("~/Index/Subscribe");
        }
    }
}

And this is my Search controller:

namespace WebApplication2.Controllers
{
    [DenyRegularUser(Roles ="Regular user")]
    public class SearchController : Controller
    {
        // GET: Search
        public ActionResult Index()
        {
            return View();
        }
    }
}

But for some reason, even when I update the user's role from Regular user to Administrator or Subscriber, I get redirected to the login page: /user/login...

This shouldn't happen as the login functionality works perfectly and I get the role of the user...

What am I missing out here?

This may help.

using System;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

// This is the Web API AuthorizeAttribute (System.Web.Http); the question's controller
// derives from the MVC Controller (System.Web.Mvc), whose attribute overrides AuthorizeCore instead.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public class DenyRegularUser : AuthorizeAttribute
{
    public DenyRegularUser()
        : base()
    {
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        return AuthorizeRequest(actionContext);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // Redirect instead of the default 401. A Location header must be a real URL, so the
        // "~/" virtual path is written as a path relative to the site root (assumes the app is mounted at "/").
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.TemporaryRedirect);
        actionContext.Response.Headers.Location = new Uri("/Index/Subscribe", UriKind.Relative);
    }

    private bool AuthorizeRequest(HttpActionContext actionContext)
    {
        // Authorization rule from the question: an authenticated user in any role
        // other than "Regular user" is allowed through. RequestContext requires Web API 2.
        var principal = actionContext.RequestContext.Principal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        {
            return false;
        }
        return !principal.IsInRole("Regular user");
    }
}

I believe the IsAuthorized method is the correct way to override the AuthorizeAttribute.
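The same rule written against the MVC AuthorizeAttribute the question actually uses, as an added example that is not part of the question or the answer: it overrides AuthorizeCore (the MVC counterpart of IsAuthorized) and HandleUnauthorizedRequest, and leaves Roles unset so the base class check cannot deny Administrator and Subscriber. The role name and redirect paths are the question's; the attribute class name is an assumption.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example, not code from the question or the answer above. Role name, redirect
// targets and controller are taken from the question; everything else is assumed.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public class DenyRegularUserAttribute : AuthorizeAttribute
{
    private const string DeniedRole = "Regular user";

    // MVC's counterpart of Web API's IsAuthorized. Leave Roles unset on this attribute:
    // with Roles = "Regular user" the base class admits only that role and answers everyone
    // else with 401, which forms authentication turns into the login redirect the question sees.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            return false; // anonymous: fall through to the default 401 / login redirect
        }
        // Administrator, Subscriber and any other role pass; only "Regular user" is denied.
        return !user.IsInRole(DeniedRole);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user != null && user.Identity.IsAuthenticated && user.IsInRole(DeniedRole))
        {
            // Authenticated but in the denied role: subscribe page, not the login page.
            // RedirectResult resolves "~/" against the application root.
            filterContext.Result = new RedirectResult("~/Index/Subscribe");
            return;
        }
        // Not authenticated: keep the base behaviour (401 -> login page).
        base.HandleUnauthorizedRequest(filterContext);
    }
}

// Usage: no Roles = "..." argument, so the base role check is not run against the wrong role.
[DenyRegularUser]
public class SearchController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```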
