Using Action Filters in MVC C# with a query string

Tha*_*tha 13 c# asp.net-mvc action-filter actionfilterattribute

I use a class named RightCheckerAttribute to check user permissions in my MVC3 application... so the RightCheckerAttribute class looks like this...

    public bool isAdmin { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContextBase context = filterContext.HttpContext;

        bool result = Convert.ToBoolean(context.Request.QueryString["isAdmin"].ToString());

        if (isAdmin != result) 
        {
            RouteValueDictionary redirecttargetDictionary = new RouteValueDictionary();
            redirecttargetDictionary.Add("action", "NoPermission");
            redirecttargetDictionary.Add("controller","Singer");
            filterContext.Result = new RedirectToRouteResult(redirecttargetDictionary);

        }

        //base.OnActionExecuting(filterContext);
    }

So on the method I apply this as the attribute..

[RightChecker (isAdmin=true)]

I am executing this method like this..

http://localhost:5576/Singer/DeleteSinger?isAdmin=true

The problem is that whether I pass true or false... I get the result variable as false... and I get:

Exception [null object reference]...

Pra*_*nam 15

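It seems you are not passing isAdmin=false or isAdmin=true in your query string. It works for me. However, you will need to handle the case where the query string parameter is not passed. Check my implementation. As mentioned in the comments section of the question, it is not secure enough to pass this through a query string.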

        public class RightChecker : ActionFilterAttribute
        {
            public bool IsAdmin;            

            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {

               bool result = false;
               if (filterContext.HttpContext.Request.QueryString["isAdmin"] != null)
               {
                       bool.TryParse(filterContext.HttpContext.Request.QueryString["isAdmin"].ToString(), out result);
               }

               if (IsAdmin != result) 
               {
                   //your implementation
               }
            }
        }

Your action method

    [RightChecker(IsAdmin=true)]
    public ActionResult AttCheck()
    {
        return View();
    }
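
The answer notes that a query string is not a safe carrier for `isAdmin`, because the caller controls it. The following is an added example, not code from the question or the answer: the same attribute rebuilt on ASP.NET MVC's `AuthorizeAttribute` so the decision comes from the authenticated principal. The role name `"Admin"` and the `SingerController` shown here are assumptions for illustration.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Added example (not from the question or the answer).
// Assumption: administrators belong to a role named "Admin" in the
// application's role provider.
public class RightCheckerAttribute : AuthorizeAttribute
{
    // Same usage as on the page: [RightChecker(IsAdmin = true)]
    public bool IsAdmin { get; set; }

    // The decision uses only the authenticated principal. Nothing is read
    // from Request.QueryString, so ?isAdmin=true has no effect.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null || httpContext.User == null ||
            !httpContext.User.Identity.IsAuthenticated)
        {
            return false;
        }
        return !IsAdmin || httpContext.User.IsInRole("Admin");
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Anonymous caller: default behaviour (401, which forms
            // authentication turns into a redirect to the login page).
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }
        // Signed in but lacking the role: same redirect as the question.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Singer" },
            { "action", "NoPermission" }
        });
    }
}

public class SingerController : Controller
{
    [RightChecker(IsAdmin = true)]
    public ActionResult DeleteSinger() { return View(); }

    public ActionResult NoPermission() { return View(); }
}
```

Unlike the `isAdmin != result` comparison in the question, `IsAdmin = false` here admits any signed-in user rather than requiring a non-admin.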