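        /// <summary>
        /// Default action: returns the result of <c>View()</c> with no model.
        /// </summary>
        /// <returns>The action result produced by <c>View()</c></returns>
        public ActionResult Index()
        {
            // Nothing is computed here; the previously constructed ControllerActionInvoker and
            // ControllerContext were never used and have been dropped.
            return View();
        }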
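        /// <summary>
        /// Determine if a sitemap node is accessible for the current user.
        /// </summary>
        /// <remarks>
        /// For an <see cref="MvcSiteMapNode"/> the controller class is resolved through the current
        /// controller factory and the <see cref="AuthorizeAttribute"/>s on the controller class and on the
        /// matching action method are evaluated against the request's principal. Every attribute must be
        /// satisfied (MVC runs each authorization filter); an attribute is satisfied when the user is
        /// authenticated, is listed in <c>Users</c> (when any are given) and holds at least one of the
        /// <c>Roles</c> (when any are given). A "*" entry matches any user or role.
        /// This mirrors only the base attribute rules: a subclass that overrides <c>AuthorizeCore</c>
        /// is still enforced by the filter itself, sitemap trimming is visibility only.
        /// </remarks>
        /// <param name="context">Current HttpContext</param>
        /// <param name="node">Sitemap node</param>
        /// <returns>True if the node is accessible; false otherwise, including when the current handler is not an <see cref="MvcHandler"/></returns>
        public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
        {
            // Is security trimming enabled?
            if (!this.SecurityTrimmingEnabled)
                return true;

            // Is it a regular node? No need for more things to do!
            MvcSiteMapNode mvcNode = node as MvcSiteMapNode;
            if (mvcNode == null)
                return base.IsAccessibleToUser(context, node);

            // Without an MVC handler there is no request context to resolve the controller with: fail closed
            MvcHandler handler = context.Handler as MvcHandler;
            if (handler == null)
                return false;

            // Resolve the controller class through the configured factory and hand it back afterwards,
            // so factories that pool or dispose their controllers are not leaked on every sitemap render
            IControllerFactory factory = ControllerBuilder.Current.GetControllerFactory();
            IController controller = factory.CreateController(handler.RequestContext, mvcNode.Controller);
            try
            {
                List<AuthorizeAttribute> attributes = FindAuthorizeAttributes(controller.GetType(), mvcNode.Action);

                // No AuthorizeAttribute on the controller or the action: the node is public
                if (attributes.Count == 0)
                    return true;

                IPrincipal principal = handler.RequestContext.HttpContext.User;

                // Each attribute is an independent filter, so every one of them must allow the user
                return attributes.All(attribute => IsAuthorized(attribute, principal));
            }
            finally
            {
                factory.ReleaseController(controller);
            }
        }

        /// <summary>
        /// Collects the <see cref="AuthorizeAttribute"/>s declared on the controller class and on every
        /// public method whose action name matches. The action name is the method name, or the value of
        /// an <see cref="ActionNameAttribute"/> when one is present.
        /// </summary>
        /// <param name="controllerType">Type of the resolved controller</param>
        /// <param name="actionName">Action name of the sitemap node</param>
        /// <returns>All matching attributes, controller-level ones first; empty when none are declared</returns>
        private static List<AuthorizeAttribute> FindAuthorizeAttributes(Type controllerType, string actionName)
        {
            List<AuthorizeAttribute> result = new List<AuthorizeAttribute>();
            result.AddRange(controllerType.GetCustomAttributes(typeof(AuthorizeAttribute), true).Cast<AuthorizeAttribute>());

            foreach (MethodInfo method in controllerType.GetMethods())
            {
                object[] nameAttributes = method.GetCustomAttributes(typeof(ActionNameAttribute), true);
                string name = nameAttributes.Length > 0
                    ? ((ActionNameAttribute)nameAttributes[0]).Name
                    : method.Name;

                // MVC matches action names case-insensitively
                if (string.Equals(name, actionName, StringComparison.OrdinalIgnoreCase))
                    result.AddRange(method.GetCustomAttributes(typeof(AuthorizeAttribute), true).Cast<AuthorizeAttribute>());
            }

            return result;
        }

        /// <summary>
        /// Evaluates one <see cref="AuthorizeAttribute"/> the way the base attribute does: the user must be
        /// authenticated, must appear in <c>Users</c> when that list is non-empty, and must be in at least
        /// one of <c>Roles</c> when that list is non-empty. "*" matches any user name or role.
        /// </summary>
        /// <param name="attribute">Attribute to evaluate</param>
        /// <param name="principal">Principal of the current request; null or an anonymous identity is denied</param>
        /// <returns>True if the principal satisfies the attribute</returns>
        private static bool IsAuthorized(AuthorizeAttribute attribute, IPrincipal principal)
        {
            // An attribute is present, so anonymous users are always denied
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
                return false;

            string userName = principal.Identity.Name ?? "";

            // Users: a match on any listed name is enough (MVC compares user names ordinal-ignore-case)
            string[] users = SplitList(attribute.Users);
            if (users.Length > 0 && !users.Any(u => u == "*" || string.Equals(u, userName, StringComparison.OrdinalIgnoreCase)))
                return false;

            // Roles: membership in any one listed role is enough
            string[] roles = SplitList(attribute.Roles);
            if (roles.Length > 0 && !roles.Any(r => r == "*" || principal.IsInRole(r)))
                return false;

            return true;
        }

        /// <summary>
        /// Splits a comma separated list, trimming each entry and dropping empty ones, so that
        /// "Admin, Editor" yields ["Admin", "Editor"] and null or "" yields an empty array.
        /// </summary>
        /// <param name="list">Comma separated list, may be null</param>
        /// <returns>The non-empty, trimmed entries</returns>
        private static string[] SplitList(string list)
        {
            if (string.IsNullOrEmpty(list))
                return new string[0];

            return list.Split(',')
                .Select(entry => entry.Trim())
                .Where(entry => entry.Length > 0)
                .ToArray();
        }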