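/// <summary>
/// Overrides OnAuthorization to record the controller and action names of the
/// request being authorized, then runs the base authorization logic.
/// </summary>
/// <param name="filterContext">Authorization context for the action being invoked.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    try
    {
        // NOTE(review): these are instance fields on the filter. MVC 3 and later may reuse
        // one attribute instance across concurrent requests, so a value written here can be
        // overwritten by another request before AuthorizeCore reads it. Since the name
        // drives an allow decision there, confirm the instance is per-request or stop
        // carrying request state in fields.
        this.controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        this.actionName = filterContext.ActionDescriptor.ActionName;

        base.OnAuthorization(filterContext);
    }
    catch (Exception ex)
    {
        LogScopeHelper.Error(ex.Message, ex);

        // Fail closed. If the exception were only logged, filterContext.Result would stay
        // unset and the action would execute as though authorization had succeeded.
        if (filterContext != null)
        {
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }
}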
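/// <summary>
/// Overrides AuthorizeCore to decide whether the current request may proceed.
/// Requests to the "Auth" controller are always allowed. Every other request must be
/// authenticated, must have a non-null <c>Authentication.WebAccount</c>, and must not
/// have its session flagged as signed out in the application-wide "Online" table
/// (used to force concurrently logged-in users offline).
/// According to the original comment, this runs after OnAuthorization.
/// </summary>
/// <param name="httpContext">HTTP context of the request being authorized.</param>
/// <returns>
/// <c>true</c> when the request is allowed; <c>false</c> when it is denied or when any
/// exception occurs during the check (the exception is logged).
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    try
    {
        // A missing controller name denies the request, as the original did through the
        // caught NullReferenceException.
        if (this.controllerName == null)
        {
            return false;
        }

        // NOTE(review): controllerName is an instance field set in OnAuthorization. If this
        // filter instance is shared across requests (MVC 3+ caches filter attributes), a
        // concurrent request to the Auth controller could make this branch allow a request
        // for a different controller. Confirm, or derive the name from the current request.
        // Ordinal comparison avoids culture-dependent casing rules.
        if (string.Equals(this.controllerName, "Auth", StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }

        if (!httpContext.Request.IsAuthenticated)
        {
            return false;
        }

        // The original had two branches on UrlReferrer that both denied; the referrer
        // never affected the outcome. No login object means deny.
        if (null == Authentication.WebAccount)
        {
            return false;
        }

        // Force concurrently logged-in users offline: look up this session in the table.
        Hashtable userOnline = (Hashtable)httpContext.Application["Online"];
        if (userOnline != null && userOnline.Count > 0)
        {
            string sessionId = httpContext.Session.SessionID;

            // Direct key lookup replaces the original full enumeration, which only ever
            // acted on the entry whose key equals the current session id.
            object marker = userOnline[sessionId];

            // "XXXXXX" is the value that marks a session as signed out; presumably it is
            // written by the login code elsewhere -- verify against that writer.
            if (marker != null && "XXXXXX".Equals(marker.ToString()))
            {
                // NOTE(review): SignOut only expires the forms cookie on the client, and the
                // session itself is not abandoned here. Confirm a replayed ticket or session
                // is rejected elsewhere.
                FormsAuthentication.SignOut();

                // Take the application lock before mutating the shared table and always
                // release it. The original locked after Remove and never called UnLock,
                // holding the application-wide lock until the request ended.
                httpContext.Application.Lock();
                try
                {
                    userOnline.Remove(sessionId);
                    httpContext.Application["Online"] = userOnline;
                }
                finally
                {
                    httpContext.Application.UnLock();
                }

                httpContext.Response.Clear();
                return false;
            }
        }

        // Authenticated, login object present, session not flagged: allow.
        return true;
    }
    catch (Exception ex)
    {
        // Any failure during the check denies the request (fail closed).
        LogScopeHelper.Error(ex.Message, ex);
        return false;
    }
}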
/// <summary>
/// Overrides the base class OnException to write the exception to the error log.
/// </summary>
/// <param name="filterContext">Exception context carrying the exception that was raised.</param>
public override void OnException(ExceptionContext filterContext)
{
    // Logging only: the exception is not marked as handled and the base
    // implementation is not called.
    var failure = filterContext.Exception;
    LogScopeHelper.Error(failure.Message, failure);
}