授权对控制器和动作名称当前用户在ASP.NET MVC 3 [英] Authorize current user against controller and action name in ASP.NET MVC 3

问题描述

用户，用户组，用户组，权限，grouprights：

我需要创建ASP.NET MVC 3里面的应用程序定制的授权，授权在5表中定义。用户可以属于多个组，并且每个权利可以被分配到多个组太。每个控制器动作被分配一个RightID。

在授权不能容纳该设置的建成，所以我试图创建一个自定义AuthorizeAttribute。当重写AuthorizeCore，我意识到我没有访问控制器的名称和动作名称。

我可以以某种方式要求路由器解析里面AuthorizeCore的Request.RawUrl得到控制器和动作的名字吗？还是有另一种方法做我想要什么？

解决方案

 保护覆盖布尔AuthorizeCore（HttpContextBase的HttpContext）
{
    VAR的RouteData = httpContext.Request.RequestContext.RouteData;
    VAR控制器= routeData.GetRequiredString（控制器）;
    VAR行动= routeData.GetRequiredString（行动）;
    ...
}
 

I need to create a customized authorization in ASP.NET MVC 3. Inside the app, authorization is defined in 5 tables: users, groups, usergroups, rights, grouprights. A user can belong to several groups, and each right can be assigned to several groups too. Each controller action is assigned a RightID.

The built in authorization can't accomodate this setup, so I tried to create a customized AuthorizeAttribute. When overriding AuthorizeCore, I realized I don't have access to controller name and action name.

Can I somehow ask the router to parse the Request.RawUrl inside AuthorizeCore to get controller and action name? Or is there another way to do what I want?

解决方案

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var routeData = httpContext.Request.RequestContext.RouteData;
    var controller = routeData.GetRequiredString("controller");
    var action = routeData.GetRequiredString("action");
    ...
}

这篇关于授权对控制器和动作名称当前用户在ASP.NET MVC 3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！