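/// <summary>
/// Custom role-based authorization check; overriding this one method is enough
/// to plug in the application's own role mechanism.
/// </summary>
/// <param name="httpContext">
/// The current request context. It is not read here: the ticket is obtained
/// through <c>AccountLib.UserHandle.getTicket()</c> instead.
/// </param>
/// <returns>
/// <c>true</c> when the cached principal is authenticated and, if
/// <c>Roles</c> is set, <c>JudgeAuthorize</c> accepts the user; otherwise
/// <c>false</c>, with <c>_code</c> set to 1 (no ticket, no cached principal, or
/// not authenticated) or 2 (role check failed).
/// </returns>
// NOTE(review): the outcome is stored in the instance field _code. If this
// attribute derives from System.Web.Mvc.AuthorizeAttribute, MVC may reuse one
// attribute instance across requests, so a concurrent request could overwrite
// _code before it is read. Confirm, and consider keeping the per-request value
// in httpContext.Items instead.
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    CacheLib.Cache cache = new CacheLib.Cache();
    AccountLib.UserHandle userHandle = new AccountLib.UserHandle();

    // NOTE(review): the cached principal is looked up by the ticket value
    // alone. If getTicket() reads a client-supplied cookie or header, the
    // ticket must be unguessable and cache entries must expire on logout.
    // Verify this in UserHandle and CacheLib.
    string key = userHandle.getTicket();
    if (key == null)
    {
        this._code = 1;
        return false;
    }

    MyPrincipal user = cache.Get<MyPrincipal>(key);
    if (user == null)
    {
        this._code = 1;
        return false;
    }

    // Reject a principal that has not passed authentication.
    if (!user.Identity.IsAuthenticated)
    {
        this._code = 1;
        return false;
    }

    // Login-only case: no roles are required, so any authenticated user passes.
    // This guard now runs before Roles is dereferenced. The original called
    // Roles.Split first, so a null Roles would have thrown before reaching it.
    if (string.IsNullOrWhiteSpace(Roles))
    {
        this._code = 0;
        return true;
    }

    // Split the comma-separated list of allowed roles.
    // NOTE(review): entries are not trimmed, so "Admin, User" passes " User"
    // to JudgeAuthorize. Confirm that JudgeAuthorize normalizes whitespace.
    string[] StrRoles = Roles.Split(',');

    bool isAccess = JudgeAuthorize(user.Identity.Name, StrRoles);

    // Deny access when no roles are configured or the user holds none of them.
    if (StrRoles.Length < 1 || !isAccess)
    {
        this._code = 2;
        return false;
    }

    // This success path leaves _code unchanged.
    return true;
}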
/// <summary>
/// Reads the "codes" cookie and stores in <c>_Codes</c> the
/// <see cref="DataTable"/> cached under that cookie's value.
/// </summary>
// NOTE(review): the cache key comes straight from a cookie, so the client
// chooses which cache entry is loaded. Confirm that the value is validated or
// bound to the current session, and that a missing cookie or a missing or
// mistyped cache entry is handled by CacheLib.
public void Load()
{
    var store = new CacheLib.Cache();
    string cacheKey = new CacheLib.Cookie().GetCookie("codes");

    _Codes = store.Get<DataTable>(cacheKey);
}