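/// <summary>
/// Authentication step for an MVC action: rejects unauthenticated requests, loads the
/// application user for the authenticated name, and replaces the request principal with
/// a <see cref="GenericPrincipal"/> wrapping a <c>PtcIdentity</c>.
/// </summary>
/// <param name="filterContext">
/// The authentication context of the current request. On any failure its <c>Result</c> is
/// set to an <c>HttpUnauthorizedResult</c>; on success its <c>Principal</c> is replaced.
/// </param>
/// <remarks>
/// This method only establishes identity. An action without a <c>MenuNodeAttribute</c> still
/// receives an identity (labelled "No GroupName", with a null attribute), so whatever consumes
/// <c>PtcIdentity</c> must decide explicitly how such actions are authorized.
/// NOTE(review): confirm the downstream check does not treat a null attribute as "allow".
/// </remarks>
public void OnAuthentication(AuthenticationContext filterContext)
{
    // Not signed in: answer 401 without setting any TempData message.
    if (filterContext.Principal == null || !filterContext.Principal.Identity.IsAuthenticated)
    {
        filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
        return;
    }

    // Load the application user that belongs to the authenticated name.
    UserBase currentUser;
    try
    {
        currentUser = _userService.Integration(filterContext.Principal.Identity.Name);

        // The null check must come before the first dereference. The original assigned CompCd
        // first, so a missing user raised a NullReferenceException and the branch below was
        // unreachable (the catch block reported the exception text instead).
        if (currentUser == null)
        {
            filterContext.Controller.TempData["UnauthorizedMessage"] = "找不到用户信息";
            filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
            return;
        }

        // The site currently serves only the convenience-store business unit; some vendors
        // serve several business units and the account master has no company column.
        currentUser.CompCd = "711";
        currentUser.CalcAuth();
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is stored in TempData. If a view renders this key (not
        // visible here), internal error text from the user service reaches the client.
        // Consider logging the exception and storing a fixed message instead.
        filterContext.Controller.TempData["UnauthorizedMessage"] = ex.Message;
        filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
        return;
    }

    // Find the permission definition declared on the action itself (inherit: false).
    MenuNodeAttribute actionAuthDefine = null;
    foreach (object attribute in filterContext.ActionDescriptor.GetCustomAttributes(false))
    {
        actionAuthDefine = attribute as MenuNodeAttribute;
        if (actionAuthDefine != null)
        {
            break;
        }
    }

    // Permission group name: "<controller>" or "<controller>_<GroupName>".
    string groupName = null;
    if (actionAuthDefine != null)
    {
        string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        groupName = string.IsNullOrEmpty(actionAuthDefine.GroupName)
            ? controllerName
            : controllerName + "_" + actionAuthDefine.GroupName;
    }

    try
    {
        // Branch on whether the attribute exists rather than on a magic "bypass" string: with
        // the string sentinel, a controller whose name is exactly "bypass" and whose attribute
        // has no GroupName was handled as if it carried no permission definition at all.
        PtcIdentity id = actionAuthDefine == null
            ? new PtcIdentity(filterContext.Principal.Identity, currentUser, "No GroupName", null)
            : new PtcIdentity(filterContext.Principal.Identity, currentUser, groupName, actionAuthDefine);

        // Replace the request principal; no roles are attached (second argument is null).
        filterContext.Principal = new GenericPrincipal(id, null);
    }
    catch (Exception ex)
    {
        // NOTE(review): same exposure of ex.Message through TempData as in the catch above.
        filterContext.Controller.TempData["UnauthorizedMessage"] = ex.Message;
        filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
        return;
    }
}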