Soo*_*ead 22 authorization custom-attributes asp.net-mvc-3
我有一个控制器,只应在加载特定参数时请求授权.例如,当参数ID为8时.
我想到了使用这样的自定义验证属性:
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (/* Action's inputparameter ID = 8 */)
{
return base.AuthorizeCore(httpContext);
}
return true;
}
}
我的动作看起来像这样(不是很有趣)
[MyAuthorize]
public ActionResult Protected(int id)
{
/* custom logic for setting the viewmodel from the id parameter */
return View(viewmodel);
}
问题是您可以看到我不知道如何在authorize属性中检查该ID参数.你能帮我解决一下吗?
Dar*_*rov 30
如果id作为请求参数(GET或POST)或路由数据参数传递:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// first look at routedata then at request parameter:
var id = (httpContext.Request.RequestContext.RouteData.Values["id"] as string)
??
(httpContext.Request["id"] as string);
if (id == "8")
{
return base.AuthorizeCore(httpContext);
}
return true;
}
只要AuthorizeAttribute是继承,您可以从中获取参数AuthorizationContext,如下所示:
public class MyAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
string idParam = filterContext.Controller.ValueProvider.GetValue("id").AttemptedValue;
int id;
if (int.TryParse(idParam, out id))
{
if (id == 8) // apply your business logic here
return;
}
filterContext.Result = new HttpUnauthorizedResult();
}
}
[MyAuthorize]
public ActionResult Protected(int id)
{
return View();
}
在ValueProvider将通过所有已注册的供应商,在默认情况包括迭代RouteDataValueProvider,QueryStringValueProvider并且FormValueProvider,做所有的工作适合你.
否则我建议使用ActionFilterAttribute.
| 归档时间: |
|
| 查看次数: |
14701 次 |
| 最近记录: |