如何配置注解 [Authorize] 以使用枚举?
How do I to configure the annotation [Authorize] to use Enum?
我正在尝试使用 Enum 来注释 [Authorize]。我已经配置,但它仍然不起作用,安全策略允许访问。
我没有用数字创建我的 Enum 例如:Administrator = 1 或类似的东西,我只是使用 Administrator, Manager, Common 的描述创建的。我不会创建数字作为索引,只是想按照我显示的描述来创建。
我该如何解决这个问题?
枚举
public enum RoleType{
Administrator,
Manager,
Common
};
AuthorizeAttribute
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{
public RoleType Roles {get;set;}
protected override bool AuthorizeCore(HttpContextBase httpContext){
if (httpContext == null)
throw new ArgumentNullException("httpContext");
if (!httpContext.User.Identity.IsAuthenticated)
return false;
//get the Session of User
User user = httpContext.Session["User"] as User;
RoleType role = user.role;
if (((Roles & role) != role))
return false;
return true;
}
public override void OnAuthorization(AuthorizationContext filterContext){
base.OnAuthorization(filterContext);
if (filterContext.Result is HttpUnauthorizedResult)
filterContext.HttpContext.Response.Redirect("/Home/accessDenied");
}
}
方法
[PermissionFilter(Roles= RoleType.Manager)]
public ActionResult viewAllAdmin(int? pagina, String nome){
}
问题解决了。
我做到了
AuthorizeAttribute
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{
public RoleType[] Roles;
public PermissionFilter(params RoleType[] roles){
Roles = roles;
}
protected override bool AuthorizeCore(HttpContextBase httpContext){
if (httpContext == null)
throw new ArgumentNullException("httpContext");
if (!httpContext.User.Identity.IsAuthenticated)
return false;
try{
Usuario usuario = httpContext.Session["Usuario"] as Usuario;
RoleType role = usuario.role;
Boolean contain = Roles.Contains<RoleType>((RoleType)role);
Console.WriteLine("Contem Role: " + contain);
if (!Roles.Contains<RoleType>((RoleType)role)){
return false;
}
return true;
}catch (Exception e){
Debug.WriteLine("PermissionFilter AuthorizeCore: " + e.Message);
return false;
}
}
public override void OnAuthorization(AuthorizationContext filterContext){
base.OnAuthorization(filterContext);
if (filterContext.Result is HttpUnauthorizedResult)
filterContext.HttpContext.Response.Redirect("/Home/acessoNegado");
}
}
方法
[PermissionFilter(RoleType.Administrator, RoleType.Manager)]
public ActionResult viewAllAdmin(int? pagina, String nome){
}
然后,一切正常!
我正在尝试使用 Enum 来注释 [Authorize]。我已经配置,但它仍然不起作用,安全策略允许访问。
我没有用数字创建我的 Enum 例如:Administrator = 1 或类似的东西,我只是使用 Administrator, Manager, Common 的描述创建的。我不会创建数字作为索引,只是想按照我显示的描述来创建。
我该如何解决这个问题?
枚举
public enum RoleType{
Administrator,
Manager,
Common
};
AuthorizeAttribute
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{
public RoleType Roles {get;set;}
protected override bool AuthorizeCore(HttpContextBase httpContext){
if (httpContext == null)
throw new ArgumentNullException("httpContext");
if (!httpContext.User.Identity.IsAuthenticated)
return false;
//get the Session of User
User user = httpContext.Session["User"] as User;
RoleType role = user.role;
if (((Roles & role) != role))
return false;
return true;
}
public override void OnAuthorization(AuthorizationContext filterContext){
base.OnAuthorization(filterContext);
if (filterContext.Result is HttpUnauthorizedResult)
filterContext.HttpContext.Response.Redirect("/Home/accessDenied");
}
}
方法
[PermissionFilter(Roles= RoleType.Manager)]
public ActionResult viewAllAdmin(int? pagina, String nome){
}
问题解决了。
我做到了
AuthorizeAttribute
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Enum | AttributeTargets.Method, AllowMultiple = false)]
public class PermissionFilter : AuthorizeAttribute{
public RoleType[] Roles;
public PermissionFilter(params RoleType[] roles){
Roles = roles;
}
protected override bool AuthorizeCore(HttpContextBase httpContext){
if (httpContext == null)
throw new ArgumentNullException("httpContext");
if (!httpContext.User.Identity.IsAuthenticated)
return false;
try{
Usuario usuario = httpContext.Session["Usuario"] as Usuario;
RoleType role = usuario.role;
Boolean contain = Roles.Contains<RoleType>((RoleType)role);
Console.WriteLine("Contem Role: " + contain);
if (!Roles.Contains<RoleType>((RoleType)role)){
return false;
}
return true;
}catch (Exception e){
Debug.WriteLine("PermissionFilter AuthorizeCore: " + e.Message);
return false;
}
}
public override void OnAuthorization(AuthorizationContext filterContext){
base.OnAuthorization(filterContext);
if (filterContext.Result is HttpUnauthorizedResult)
filterContext.HttpContext.Response.Redirect("/Home/acessoNegado");
}
}
方法
[PermissionFilter(RoleType.Administrator, RoleType.Manager)]
public ActionResult viewAllAdmin(int? pagina, String nome){
}
然后,一切正常!