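/// <summary>
/// Authorizes the current request against the auth cookie registered under
/// <c>AuthorizeName</c> (default "User"). On failure the result is set to a
/// redirect to the configured login route, carrying the requested URL as
/// <c>returnUrl</c>.
/// </summary>
/// <param name="filterContext">Context of the action being authorized.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="filterContext"/> is null.
/// </exception>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new System.ArgumentNullException("filterContext");
    }

    // [AllowAnonymous] on the action or on its controller bypasses every check below.
    var skipAuthorization =
        filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
        || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
    if (skipAuthorization)
    {
        return;
    }

    // NOTE(review): base.OnAuthorization is never called. If this type derives from
    // System.Web.Mvc.AuthorizeAttribute, the base's output-cache handling is skipped,
    // so confirm protected actions are not served from the output cache.
    var authCookie = AuthenticationHelper.GetAuthCookie(AuthorizeName ?? "User");
    if (AuthenticationHelper.CheckAuthorization(authCookie, Roles, Users))
    {
        return;
    }

    // URL to redirect to when authorization fails. CheckAuthorization yields a single
    // bool, so a signed-in caller who lacks the role/user match is sent to the login
    // route just like an anonymous one.
    // returnUrl is the request's RawUrl; the login action should accept it only after
    // confirming it is a local URL (e.g. Url.IsLocalUrl) before redirecting back to it.
    filterContext.Result = new RedirectToRouteResult(
        new RouteValueDictionary(
            new
            {
                controller = AuthorizeController ?? "Account",
                action = AuthorizeAction ?? "Login",
                area = AuthorizeArea,
                returnUrl = filterContext.HttpContext.Request.RawUrl
            }));
}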
/// <summary>
/// Determines whether the specified user exists and is authorized under the
/// specified authentication name.
/// </summary>
/// <param name="request">Request the extension is invoked on; not read by this method.</param>
/// <param name="authorizeName">Name used to distinguish between different login authentications.</param>
/// <param name="users">Users to check against the auth cookie.</param>
/// <returns>The result of <c>AuthenticationHelper.CheckAuthorization</c> for the cookie and users.</returns>
public static bool IsAuthenticatedUser(this HttpRequestBase request, string authorizeName, string users)
{
    // The cookie is looked up by name through AuthenticationHelper, not through `request`.
    var cookie = AuthenticationHelper.GetAuthCookie(authorizeName);

    // Argument order is (users, cookie), unlike the role check's (cookie, roles).
    // Presumably this selects a distinct overload; swapping the arguments would
    // compare against roles instead. Verify against AuthenticationHelper.
    return AuthenticationHelper.CheckAuthorization(users, cookie);
}
/// <summary>
/// Determines whether the specified role exists and is authorized under the
/// specified authentication name.
/// </summary>
/// <param name="request">Request the extension is invoked on; not read by this method.</param>
/// <param name="authorizeName">Name used to distinguish between different login authentications.</param>
/// <param name="roles">Roles to check against the auth cookie.</param>
/// <returns>The result of <c>AuthenticationHelper.CheckAuthorization</c> for the cookie and roles.</returns>
public static bool IsAuthenticatedRole(this HttpRequestBase request, string authorizeName, string roles)
{
    // The cookie is looked up by name through AuthenticationHelper, not through `request`.
    var cookie = AuthenticationHelper.GetAuthCookie(authorizeName);

    // Argument order is (cookie, roles), unlike the user check's (users, cookie).
    // Presumably the order picks the role overload; verify against AuthenticationHelper.
    return AuthenticationHelper.CheckAuthorization(cookie, roles);
}