/// <summary>
/// 重写OnAuthorization方法,获取ControllerName
/// </summary>
/// <param name="filterContext"></param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
try
{
this.controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
this.actionName = filterContext.ActionDescriptor.ActionName;
base.OnAuthorization(filterContext);
}
catch (Exception ex)
{
LogScopeHelper.Error(ex.Message, ex);
}
}
/// <summary>
/// 重写AuthorizeCore方法,根据数据库中的配置来判断用户是否有权限访问
/// 及根据是否单一用户登录来做判断(配置文件中配置)
/// 此方法会在OnAuthorization方法调用后调用
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool authorized = false;
try
{
if (this.controllerName.ToUpper() == "Auth".ToUpper())
{
authorized = true;
}
else
{
if (httpContext.Request.IsAuthenticated)
{
//从session中获取登录对象
if (null == Authentication.WebAccount && null == httpContext.Request.UrlReferrer)
{
return(false);
}
else if (null == Authentication.WebAccount && null != httpContext.Request.UrlReferrer)
{
return(false);
}
//将多个同时登录的用户T下线
Hashtable userOnline = (Hashtable)(httpContext.Application["Online"]);
if (userOnline != null)
{
IDictionaryEnumerator idE = userOnline.GetEnumerator();
string strkey = string.Empty;
if (userOnline.Count > 0)
{
while (idE.MoveNext())
{
//登录时判断保存的session是否与当前页面的session相同
if (userOnline.Contains(httpContext.Session.SessionID))
{
if (idE.Key != null && idE.Key.ToString().Equals(httpContext.Session.SessionID))
{
//判断当前session保存的值是否为被注销值
if (idE.Value != null && "XXXXXX".Equals(idE.Value.ToString()))
{
FormsAuthentication.SignOut();
//验证被注销则清空session
userOnline.Remove(httpContext.Session.SessionID);
httpContext.Application.Lock();
httpContext.Application["Online"] = userOnline;
httpContext.Response.Clear();
return(false);
}
}
}
}
}
}
//设置权限
authorized = true;
}
else
{
return(false);
}
}
}
catch (Exception ex)
{
LogScopeHelper.Error(ex.Message, ex);
}
return(authorized);
}
/// <summary>
/// 重写基类中的OnException,记录错误日志
/// </summary>
/// <param name="filterContext"></param>
public override void OnException(ExceptionContext filterContext)
{
Exception error = filterContext.Exception;
LogScopeHelper.Error(error.Message, error);
}
