我做了一个新的动作过滤器(属性,类似于[授权])的授权访问基于会话值控制器动作。不过,我基本上装饰与属性的(除了极少数例外),我所有的控制器动作。
I made a new action filter (attribute, similar to [Authorize]) which authorizes access to a controller action based on a session value. However, I'm basically decorating all my controller actions with that attribute (with the exception of very few).
所以,我认为这将是最好有一个行为过滤器的总是的执行的情况除外的,其中附上一份[ExemptFromAuthorize]属性到一个控制器行动? (也许通过继承我自己的Controller类?)
So, I thought it would be better to have that Action Filter always executed except in cases where I attach an [ExemptFromAuthorize] attribute to a controller action? (Maybe via inheriting to my own Controller class?)
我怎样才能做到这一点?
How can I do this?
推荐答案与运行jeef3's答案,我想出了这个。它可以使用更多的错误检查和鲁棒性像多分隔措施,但总的思想工作。
Running with jeef3's answer, I came up with this. It could use more error checking and robustness like multiple delimited actions, but the general idea works.
在特定的情况下,可以测试会话值,并决定返回了授权也。
In your specific case, you could test for the session value and decide to return out of the authorization also.
public class AuthorizeWithExemptionsAttribute : AuthorizeAttribute { public string Exemption { get; set; } public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext.RouteData.GetRequiredString("action") == Exemption) return; base.OnAuthorization(filterContext); } }用法:
[AuthorizeWithExemptions(Roles="admin", ExemptAction="Index")] public class AdminController : Controller ...更多推荐
在所有的控制器动作强制行为过滤器(C#/ ASP.NET MVC)
发布评论