我正在尝试实现通用的多个Authorize属性,该属性理解每个方法都是由角色授权的,该角色指定了将在所有方法中使用的名为“ SysAdmin”的角色,示例:
[Authorize(Roles = "Role_A,SysAdmin")]
public Method1
{
//actions
}
[Authorize(Roles = "Role_B,SysAdmin")]
public Method2
{
//actions
}
[Authorize(Roles = "Role_C,SysAdmin")]
public Method3
{
//actions
}
我认为在所有方法中都重复SysAdmin不是一个好主意,是否有任何解决方案可以将其通用化?
由于您始终需要检查SysAdmin角色,因此我们可以将其在属性中保持不变。
[AuthorizeUser(Role = "Role_A")]
public Method1
{
//actions
}
using System.Linq;
public class AuthorizeUserAttribute : AuthorizeAttribute
{
public string Role{ get; set; }
private readonly string SysAdmin = "SysAdmin";
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
{
return false;
}
// method to get roles array by user name from db or claims
string roles = GetUserRoles(httpContext.User.Identity.Name.ToString());
var splittedRoles = Role.split(",");
return roles.Any(x => splittedRoles.Any(y => y == x || y == SysAdmin))
}
}
重写以下方法以返回未授权用户
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)