如何配置注解 [Authorize] 以使用枚举?

How do I to configure the annotation [Authorize] to use Enum?

我正在尝试使用 Enum 来注释 [Authorize]。我已经配置,但它仍然不起作用,安全策略允许访问。

我没有用数字创建我的 Enum 例如:Administrator = 1 或类似的东西,我只是使用 Administrator, Manager, Common 的描述创建的。我不会创建数字作为索引,只是想按照我显示的描述来创建。

我该如何解决这个问题?

枚举

public enum RoleType{
    Administrator,
    Manager,
    Common
};

AuthorizeAttribute

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{

    public RoleType Roles {get;set;}

    protected override bool AuthorizeCore(HttpContextBase httpContext){
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        if (!httpContext.User.Identity.IsAuthenticated)
            return false;

        //get the Session of User
        User user = httpContext.Session["User"] as User;
        RoleType role = user.role;

        if (((Roles & role) != role))
            return false;

        return true;
    }

    public override void OnAuthorization(AuthorizationContext filterContext){
        base.OnAuthorization(filterContext);

        if (filterContext.Result is HttpUnauthorizedResult)
            filterContext.HttpContext.Response.Redirect("/Home/accessDenied");
    }
}

方法

[PermissionFilter(Roles= RoleType.Manager)]
public ActionResult viewAllAdmin(int? pagina, String nome){
}

问题解决了。

我做到了

AuthorizeAttribute

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{

    public RoleType[] Roles;

    public PermissionFilter(params RoleType[] roles){
        Roles = roles;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext){
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        if (!httpContext.User.Identity.IsAuthenticated)
            return false;
        try{
            Usuario usuario = httpContext.Session["Usuario"] as Usuario;
            RoleType role = usuario.role;
            Boolean contain = Roles.Contains<RoleType>((RoleType)role);
            Console.WriteLine("Contem Role: " + contain);

            if (!Roles.Contains<RoleType>((RoleType)role)){
                return false;
            }

            return true;
        }catch (Exception e){
            Debug.WriteLine("PermissionFilter AuthorizeCore: " + e.Message);
            return false;
        }       
    }


    public override void OnAuthorization(AuthorizationContext filterContext){
        base.OnAuthorization(filterContext);

        if (filterContext.Result is HttpUnauthorizedResult)
            filterContext.HttpContext.Response.Redirect("/Home/acessoNegado");
    }
}

方法

[PermissionFilter(RoleType.Administrator, RoleType.Manager)]
public ActionResult viewAllAdmin(int? pagina, String nome){
}

然后,一切正常!