授权对控制器和动作名称当前用户在ASP.NET MVC 3 [英] Authorize current user against controller and action name in ASP.NET MVC 3
问题描述
我需要创建ASP.NET MVC 3里面的应用程序定制的授权,授权在5表中定义。用户可以属于多个组,并且每个权利可以被分配到多个组太。每个控制器动作被分配一个RightID。
在授权不能容纳该设置的建成,所以我试图创建一个自定义AuthorizeAttribute。当重写AuthorizeCore,我意识到我没有访问控制器的名称和动作名称。
我可以以某种方式要求路由器解析里面AuthorizeCore的Request.RawUrl得到控制器和动作的名字吗?还是有另一种方法做我想要什么?
保护覆盖布尔AuthorizeCore(HttpContextBase的HttpContext)
{
VAR的RouteData = httpContext.Request.RequestContext.RouteData;
VAR控制器= routeData.GetRequiredString(控制器);
VAR行动= routeData.GetRequiredString(行动);
...
}
I need to create a customized authorization in ASP.NET MVC 3. Inside the app, authorization is defined in 5 tables: users, groups, usergroups, rights, grouprights. A user can belong to several groups, and each right can be assigned to several groups too. Each controller action is assigned a RightID.
The built in authorization can't accomodate this setup, so I tried to create a customized AuthorizeAttribute. When overriding AuthorizeCore, I realized I don't have access to controller name and action name.
Can I somehow ask the router to parse the Request.RawUrl inside AuthorizeCore to get controller and action name? Or is there another way to do what I want?
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var routeData = httpContext.Request.RequestContext.RouteData;
var controller = routeData.GetRequiredString("controller");
var action = routeData.GetRequiredString("action");
...
}
这篇关于授权对控制器和动作名称当前用户在ASP.NET MVC 3的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!