Beispiel #1
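        /// <summary>
        /// Authorizes the current request against the controller/action it is routed to.
        /// </summary>
        /// <param name="context">Authorization filter context of the request being processed.</param>
        /// <returns>
        /// A challenge result when <paramref name="context"/> is null or no user is logged in;
        /// a forbid result when the target controller/action cannot be read from the route data
        /// or the permission check denies access; otherwise a success result.
        /// </returns>
        public static AuthorizeResult CheckAuthorization(AuthorizationFilterContext context)
        {
            if (context == null)
            {
                return AuthorizeResult.ChallengeResult();
            }

            // Read the route values null-safely: a request that carries no "controller" or
            // "action" route value must end in a deny decision, not a NullReferenceException
            // thrown from inside the authorization filter.
            string controllerName = context.RouteData.Values["controller"]?.ToString();
            string actionName     = context.RouteData.Values["action"]?.ToString();

            // Unauthenticated callers are challenged before any permission lookup.
            var loginUser = IdentityManager.GetLoginUser();
            if (loginUser == null)
            {
                return AuthorizeResult.ChallengeResult();
            }

            // Fail closed: without both codes there is no operation to look a permission up for.
            if (string.IsNullOrEmpty(controllerName) || string.IsNullOrEmpty(actionName))
            {
                return AuthorizeResult.ForbidResult();
            }

            // The permission key is controller + action only. The HTTP method of the request is
            // not part of it, so actions that share a name and differ only by verb are authorized
            // by the same permission.
            // NOTE(review): route values may carry the casing used in the request URL - confirm
            // that the permission lookup compares these codes case-insensitively.
            var operation = new OperationDto()
            {
                ControllerCode = controllerName,
                ActionCode     = actionName
            };

            var allowAccess = CheckAuthorization(loginUser, operation);
            return allowAccess ? AuthorizeResult.SuccessResult() : AuthorizeResult.ForbidResult();
        }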
Beispiel #2
        /// <summary>
        /// Runs the authorization check for an explicit authorization request.
        /// </summary>
        /// <param name="request">
        /// Authorization request: the controller and action being accessed and the claims
        /// describing the caller.
        /// </param>
        /// <returns>
        /// A forbid result when <paramref name="request"/> is null; otherwise a result whose
        /// status is Success or Forbid according to the permission check.
        /// </returns>
        public static AuthorizeResult CheckAuthorization(AuthorizeOptions request)
        {
            if (request == null)
            {
                return AuthorizeResult.ForbidResult();
            }

            var targetOperation = new OperationDto()
            {
                ActionCode     = request.Action,
                ControllerCode = request.Controller
            };

            // The user identity is rebuilt purely from the claims carried in the request; a null
            // claims collection is passed through as null.
            // NOTE(review): nothing here validates those claims - presumably the caller took them
            // from an already verified principal/token; confirm, since they decide who is authorized.
            var claimList = request.Claims?.Select(pair => new Claim(pair.Key, pair.Value)).ToList();
            var currentUser = AuthenticationUser<long>.GetUserFromClaims(claimList);

            // NOTE(review): the user is handed to the permission check without a null test here;
            // verify that the callee denies access when no user could be built from the claims.
            var status = CheckAuthorization(currentUser, targetOperation)
                ? AuthorizationStatus.Success
                : AuthorizationStatus.Forbid;

            return new AuthorizeResult()
            {
                Status = status
            };
        }