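/// <summary>
/// Custom role-based authorization check. Overriding this one method is enough to
/// replace the default authorization decision with the ticket/cache scheme below.
/// </summary>
/// <param name="httpContext">Current request context; this implementation does not read it.</param>
/// <returns>
/// <c>true</c> when the ticket resolves to an authenticated cached principal and either
/// no roles are required or <c>JudgeAuthorize</c> accepts the user; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// <c>_code</c> records the outcome: 0 = allowed, 1 = no ticket, no cached principal or
/// not authenticated, 2 = role check failed.
/// NOTE(review): the override signature suggests this class derives from
/// System.Web.Mvc.AuthorizeAttribute. MVC documents that derived types must be thread safe
/// and should not keep per-request state in instance fields, because attribute instances can
/// be reused across requests. <c>_code</c> is such a field; consider carrying the outcome in
/// <c>httpContext.Items</c> instead, together with whatever reads <c>_code</c>.
/// </remarks>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    CacheLib.Cache cache = new CacheLib.Cache();
    AccountLib.UserHandle userHandle = new AccountLib.UserHandle();

    // The ticket is the cache key under which the signed-in principal was stored.
    string key = userHandle.getTicket();
    if (key == null)
    {
        this._code = 1;
        return false;
    }

    MyPrincipal user = cache.Get<MyPrincipal>(key);
    if (user == null)
    {
        // Unknown ticket: treated the same as "not signed in".
        this._code = 1;
        return false;
    }

    // Verify that the cached principal actually passed authentication.
    if (!user.Identity.IsAuthenticated)
    {
        this._code = 1;
        return false;
    }

    // No roles configured: being signed in is sufficient.
    // Checked before splitting so an empty Roles value is never parsed.
    if (string.IsNullOrWhiteSpace(Roles))
    {
        this._code = 0;
        return true;
    }

    // Allowed roles are given as a comma-separated list.
    // NOTE(review): entries are passed on untrimmed ("A, B" yields " B");
    // confirm JudgeAuthorize tolerates surrounding whitespace.
    string[] requiredRoles = Roles.Split(',');

    // Split on a non-blank string always yields at least one entry, so the
    // decision rests entirely on JudgeAuthorize.
    if (!JudgeAuthorize(user.Identity.Name, requiredRoles))
    {
        this._code = 2;
        return false;
    }

    // Reset the outcome code on this success path too, so a denial code left by an
    // earlier call on the same attribute instance cannot be observed after a grant.
    this._code = 0;
    return true;
}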
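/// <summary>
/// Verifies the credentials held in <c>userID</c> and <c>password</c> (members declared
/// elsewhere in this class) through <c>AccountLib.UserHandle.Login</c>.
/// </summary>
/// <returns>
/// <c>true</c> when Login returns at least one row, in which case
/// <c>_sAuthenticationType</c> is set from that row's "UserTypeText" column;
/// <c>false</c> when Login returns null or an empty result.
/// </returns>
/// <remarks>
/// Credentials are checked only by the account store; no credential literals belong in
/// source, so the earlier commented-out string comparison was removed.
/// NOTE(review): Login's implementation is not visible here; confirm it uses
/// parameterized queries and compares salted password hashes rather than plaintext.
/// </remarks>
private bool CanPass()
{
    AccountLib.UserHandle userHandle = new AccountLib.UserHandle();
    System.Data.DataSet ds = userHandle.Login(userID, password);

    // Fail closed: a null result, a result without tables, or a table without rows
    // is a failed login rather than an index-out-of-range error.
    if (ds == null || ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
    {
        return false;
    }

    // The first row of the first table describes the authenticated account.
    this._sAuthenticationType = ds.Tables[0].Rows[0]["UserTypeText"].ToString();
    return true;
}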
/// <summary>
/// Signs a user in: stores the principal in the cache and saves the returned key as the
/// user's ticket.
/// </summary>
/// <param name="user">Principal to cache for later authorization checks.</param>
/// <remarks>
/// NOTE(review): the key returned by <c>cache.Add</c> is what <c>saveTicket</c> persists, so
/// whoever holds it is presumably treated as this user. Confirm the key is generated from a
/// cryptographically strong random source and that cache entries expire.
/// </remarks>
private void userSignIn(MyPrincipal user)
{
    var accounts = new AccountLib.UserHandle();
    var principalCache = new CacheLib.Cache();

    // Cache the principal first; the cache hands back the key that identifies it.
    string ticketKey = principalCache.Add<MyPrincipal>("user", user);

    // Persist that key as the ticket.
    accounts.saveTicket(ticketKey);
}