MVC 3会话和authorizeAttribute [英] mvc 3 session and authorizeAttribute

问题描述

我的网站向所有人开放，但我有一个采用某种方法的控制器，只有具有用户名和密码的管理员才能输入.我将布尔IsManager保存在session中.
我想使用authorize属性来阻止谁IsManager == false.

My site is open to all but i have a controller with some method that only the manager with the user and password can enter. I'm saving the bool IsManager in a session.
I would like to use the authorize attribute to block whom ever IsManager == false.

推荐答案

首先定义一个ActionFilter:

First define an ActionFilter:

public class TheFilter: ActionFilterAttribute
{
   public override void OnActionExecuting(ActionExecutingContext filterContext)
   {
        var session = filterContext.HttpContext.Session;
        if ((bool?)session["IsManager"] == true)
            return;

        //Redirect him to somewhere.
        var redirectTarget = new RouteValueDictionary
             {{"action", "{ActionName}"}, {"controller", "{ControllerName}"}};
        filterContext.Result = new RedirectToRouteResult(redirectTarget);
   }
}

然后在受限的Action(或控制器)上方使用它:

//[TheFilter]
public class ManagersController : Controller
{
    [TheFilter]
    public ActionResult Foo()
    {
        ...
        return View();
    }
}

这篇关于MVC 3会话和authorizeAttribute的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！