Asp.net mvc 3 具有角色和AllowAnonymous覆盖的管理员角色全局筛选器?
我已经设置了一个全局过滤器,要求基于的所有方法都登录。现在我想更进一步,要求所有操作仅授权给“Admin”角色,除非被文章中的AllowAnonymous属性或[Authorize(Roles=“Staff”)]覆盖,后者将允许“Staff”和“Admin”访问 我已尝试在LogonAuthorize属性构造函数中添加角色:Asp.net mvc 3 具有角色和AllowAnonymous覆盖的管理员角色全局筛选器?,asp.net-mvc-3,authorize-attribute,Asp.net Mvc 3,Authorize Attribute,我已经设置了一个全局过滤器,要求基于的所有方法都登录。现在我想更进一步,要求所有操作仅授权给“Admin”角色,除非被文章中的AllowAnonymous属性或[Authorize(Roles=“Staff”)]覆盖,后者将允许“Staff”和“Admin”访问 我已尝试在LogonAuthorize属性构造函数中添加角色: public LogonAuthorize() { this.Roles = "Admin"; } 。。但这将所有操作限制为Adm
public LogonAuthorize()
{
this.Roles = "Admin";
}
。。但这将所有操作限制为Admin,并且我不能在操作上使用Authorize属性进行覆盖。很快就解决了:O 我创建了另一个authorize属性:
public sealed class OverrideAuthorize : AuthorizeAttribute
{
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
|| filterContext.ActionDescriptor.IsDefined(typeof(OverrideAuthorize), true)
|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(OverrideAuthorize), true);
if (!skipAuthorization)
{
base.OnAuthorization(filterContext);
}
}
因此,LogonAuthorize属性默认情况下适用于所有控制器和操作,并且需要角色“Admin”,但它仅在未定义AllowAnonymous或OverrideAuthorize时进行授权。很快就解决了这个问题:O 我创建了另一个authorize属性:
public sealed class OverrideAuthorize : AuthorizeAttribute
{
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
|| filterContext.ActionDescriptor.IsDefined(typeof(OverrideAuthorize), true)
|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(OverrideAuthorize), true);
if (!skipAuthorization)
{
base.OnAuthorization(filterContext);
}
}