C# 如何配置 [Authorize] 特性以使用枚举?


我正在尝试让 [Authorize] 特性使用 Enum。我已经配置好了,但仍然不起作用:安全策略仍然允许访问。

我的 Enum 没有指定数值(例如 Administrator=1 之类),只用名称 Administrator、Manager、Common 来定义。我不想用数字作为索引,只想使用名称,如下所示。

我怎样才能解决这个问题

枚举

/// <summary>
/// Roles a user can hold. No numeric values are assigned, so the compiler
/// numbers the members 0, 1, 2 in declaration order.
/// </summary>
/// <remarks>
/// This is not a [Flags] enum: Administrator is 0 and the members are not
/// bit masks, so an authorization check has to compare roles by equality
/// (or a collection lookup), never with a bitwise AND.
/// </remarks>
public enum RoleType
{
    Administrator, // implicit value 0
    Manager,       // implicit value 1
    Common         // implicit value 2
}
授权属性

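/// <summary>
/// Authorization filter that admits only an authenticated user whose session
/// role equals <c>Roles</c>.
/// </summary>
/// <remarks>
/// The role is read from the <c>User</c> object stored in session under "User".
/// NOTE(review): presumably that object is populated at login; if so, a role that is
/// changed or revoked afterwards is not seen here until the session is rebuilt - confirm.
/// To admit several roles on one action, use a role collection or a [Flags] enum whose
/// members are all non-zero; this property holds exactly one role.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{

    /// <summary>
    /// The single role allowed to reach the decorated controller or action.
    /// Marked <c>new</c> because it hides the string-typed AuthorizeAttribute.Roles.
    /// </summary>
    public new RoleType Roles {get;set;}

    /// <summary>Decides whether the current request is authorized.</summary>
    /// <param name="httpContext">Context of the current request.</param>
    /// <returns>
    /// true only when the user is authenticated, a <c>User</c> is present in session
    /// and its role equals <c>Roles</c>; false in every other case.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext){
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        if (!httpContext.User.Identity.IsAuthenticated)
            return false;

        // Fail closed when session state is unavailable or holds no User
        // (expired session, sessionless request) instead of dereferencing null.
        if (httpContext.Session == null){
            return false;
        }

        User user = httpContext.Session["User"] as User;
        if (user == null){
            return false;
        }

        // Compare by equality. RoleType is a plain enum whose first member is 0, so a
        // bitwise test such as (Roles & role) != role can never reject Administrator:
        // (Roles & 0) is always 0, and the check would let that role through every filter.
        RoleType role = user.role;
        return role == Roles;
    }

    /// <summary>
    /// Runs the base authorization and sends rejected requests to the access-denied page.
    /// </summary>
    /// <param name="filterContext">Authorization context supplied by MVC.</param>
    public override void OnAuthorization(AuthorizationContext filterContext){
        base.OnAuthorization(filterContext);

        // Replace the pending 401 result with a redirect result rather than writing to
        // the response directly, so MVC executes one result and never reaches the action.
        // AuthorizeCore returns false for unauthenticated users too, so they land on the
        // same page as authenticated users with the wrong role.
        if (filterContext.Result is HttpUnauthorizedResult){
            filterContext.Result = new RedirectResult("/Home/accessDenied");
        }
    }
}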
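/// <summary>
/// Authorization filter that admits only an authenticated user whose session
/// role is one of the roles listed in <c>Roles</c>.
/// </summary>
/// <remarks>
/// The role is read from the <c>Usuario</c> object stored in session under "Usuario".
/// NOTE(review): presumably that object is populated at login; if so, a role that is
/// changed or revoked afterwards is not seen here until the session is rebuilt - confirm.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{

    // Roles allowed to reach the decorated controller or action.
    // Marked "new" because it hides the string-typed AuthorizeAttribute.Roles.
    public new RoleType[] Roles;

    /// <summary>Creates the filter for the given set of allowed roles.</summary>
    /// <param name="roles">Allowed roles; an empty list authorizes nobody.</param>
    public PermissionFilter(params RoleType[] roles){
        Roles = roles;
    }

    /// <summary>Decides whether the current request is authorized.</summary>
    /// <param name="httpContext">Context of the current request.</param>
    /// <returns>
    /// true only when the user is authenticated, a <c>Usuario</c> is present in session
    /// and its role is listed in <c>Roles</c>; false in every other case, including
    /// any exception raised while checking.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext){
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        if (!httpContext.User.Identity.IsAuthenticated)
            return false;
        try{
            // Deny explicitly when there is nothing to check against, rather than
            // relying on a NullReferenceException reaching the catch below.
            if (Roles == null || httpContext.Session == null){
                return false;
            }

            Usuario usuario = httpContext.Session["Usuario"] as Usuario;
            if (usuario == null){
                return false;
            }

            // Membership test on the enum values themselves; no bit arithmetic, so the
            // member with implicit value 0 is treated like any other role.
            RoleType role = usuario.role;
            return Roles.Contains(role);
        }catch (Exception e){
            // Fail closed: an unexpected error must never grant access.
            // Debug.WriteLine is compiled out of release builds, so these denials are
            // only visible in debug builds.
            Debug.WriteLine("PermissionFilter AuthorizeCore: " + e.Message);
            return false;
        }
    }


    /// <summary>
    /// Runs the base authorization and sends rejected requests to the access-denied page.
    /// </summary>
    /// <param name="filterContext">Authorization context supplied by MVC.</param>
    public override void OnAuthorization(AuthorizationContext filterContext){
        base.OnAuthorization(filterContext);

        // Replace the pending 401 result with a redirect result rather than writing to
        // the response directly, so MVC executes one result and never reaches the action.
        // AuthorizeCore returns false for unauthenticated users too, so they land on the
        // same page as authenticated users with the wrong role.
        if (filterContext.Result is HttpUnauthorizedResult){
            filterContext.Result = new RedirectResult("/Home/acessoNegado");
        }
    }
}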
方法

// Asks PermissionFilter to admit only RoleType.Manager for this action.
// The named-argument form (Roles = ...) fits the PermissionFilter variant that exposes a
// single-valued RoleType Roles property; the variant with the params RoleType[]
// constructor is applied as [PermissionFilter(RoleType.Manager)] instead.
[PermissionFilter(Roles= RoleType.Manager)]
public ActionResult viewAllAdmin(int? pagina, String nome){
    // action body is not shown in the original post
}
解决了这个问题

是的

授权属性

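/// <summary>
/// Authorization filter that admits only an authenticated user whose session
/// role equals <c>Roles</c>.
/// </summary>
/// <remarks>
/// The role is read from the <c>User</c> object stored in session under "User".
/// NOTE(review): presumably that object is populated at login; if so, a role that is
/// changed or revoked afterwards is not seen here until the session is rebuilt - confirm.
/// To admit several roles on one action, use a role collection or a [Flags] enum whose
/// members are all non-zero; this property holds exactly one role.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{

    /// <summary>
    /// The single role allowed to reach the decorated controller or action.
    /// Marked <c>new</c> because it hides the string-typed AuthorizeAttribute.Roles.
    /// </summary>
    public new RoleType Roles {get;set;}

    /// <summary>Decides whether the current request is authorized.</summary>
    /// <param name="httpContext">Context of the current request.</param>
    /// <returns>
    /// true only when the user is authenticated, a <c>User</c> is present in session
    /// and its role equals <c>Roles</c>; false in every other case.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext){
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        if (!httpContext.User.Identity.IsAuthenticated)
            return false;

        // Fail closed when session state is unavailable or holds no User
        // (expired session, sessionless request) instead of dereferencing null.
        if (httpContext.Session == null){
            return false;
        }

        User user = httpContext.Session["User"] as User;
        if (user == null){
            return false;
        }

        // Compare by equality. RoleType is a plain enum whose first member is 0, so a
        // bitwise test such as (Roles & role) != role can never reject Administrator:
        // (Roles & 0) is always 0, and the check would let that role through every filter.
        RoleType role = user.role;
        return role == Roles;
    }

    /// <summary>
    /// Runs the base authorization and sends rejected requests to the access-denied page.
    /// </summary>
    /// <param name="filterContext">Authorization context supplied by MVC.</param>
    public override void OnAuthorization(AuthorizationContext filterContext){
        base.OnAuthorization(filterContext);

        // Replace the pending 401 result with a redirect result rather than writing to
        // the response directly, so MVC executes one result and never reaches the action.
        // AuthorizeCore returns false for unauthenticated users too, so they land on the
        // same page as authenticated users with the wrong role.
        if (filterContext.Result is HttpUnauthorizedResult){
            filterContext.Result = new RedirectResult("/Home/accessDenied");
        }
    }
}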
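/// <summary>
/// Authorization filter that admits only an authenticated user whose session
/// role is one of the roles listed in <c>Roles</c>.
/// </summary>
/// <remarks>
/// The role is read from the <c>Usuario</c> object stored in session under "Usuario".
/// NOTE(review): presumably that object is populated at login; if so, a role that is
/// changed or revoked afterwards is not seen here until the session is rebuilt - confirm.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{

    // Roles allowed to reach the decorated controller or action.
    // Marked "new" because it hides the string-typed AuthorizeAttribute.Roles.
    public new RoleType[] Roles;

    /// <summary>Creates the filter for the given set of allowed roles.</summary>
    /// <param name="roles">Allowed roles; an empty list authorizes nobody.</param>
    public PermissionFilter(params RoleType[] roles){
        Roles = roles;
    }

    /// <summary>Decides whether the current request is authorized.</summary>
    /// <param name="httpContext">Context of the current request.</param>
    /// <returns>
    /// true only when the user is authenticated, a <c>Usuario</c> is present in session
    /// and its role is listed in <c>Roles</c>; false in every other case, including
    /// any exception raised while checking.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext){
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        if (!httpContext.User.Identity.IsAuthenticated)
            return false;
        try{
            // Deny explicitly when there is nothing to check against, rather than
            // relying on a NullReferenceException reaching the catch below.
            if (Roles == null || httpContext.Session == null){
                return false;
            }

            Usuario usuario = httpContext.Session["Usuario"] as Usuario;
            if (usuario == null){
                return false;
            }

            // Membership test on the enum values themselves; no bit arithmetic, so the
            // member with implicit value 0 is treated like any other role.
            RoleType role = usuario.role;
            return Roles.Contains(role);
        }catch (Exception e){
            // Fail closed: an unexpected error must never grant access.
            // Debug.WriteLine is compiled out of release builds, so these denials are
            // only visible in debug builds.
            Debug.WriteLine("PermissionFilter AuthorizeCore: " + e.Message);
            return false;
        }
    }


    /// <summary>
    /// Runs the base authorization and sends rejected requests to the access-denied page.
    /// </summary>
    /// <param name="filterContext">Authorization context supplied by MVC.</param>
    public override void OnAuthorization(AuthorizationContext filterContext){
        base.OnAuthorization(filterContext);

        // Replace the pending 401 result with a redirect result rather than writing to
        // the response directly, so MVC executes one result and never reaches the action.
        // AuthorizeCore returns false for unauthenticated users too, so they land on the
        // same page as authenticated users with the wrong role.
        if (filterContext.Result is HttpUnauthorizedResult){
            filterContext.Result = new RedirectResult("/Home/acessoNegado");
        }
    }
}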

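然后,它工作得很好。原因在于:RoleType 没有指定数值,Administrator 的隐式值是 0,按位判断 (Roles & role) != role 在 role 为 Administrator 时恒不成立,所以该角色总能通过检查;改用 RoleType[] 并以 Contains 判断成员关系后,就不再依赖位运算。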

所以你根本不需要stackoverflow的帮助。