public virtual void OnAuthorization(AuthorizationContext filterContext)
{
SigninUser luser = UserHelper.GetSigninUser;
if (luser == null)
{
filterContext.Result = new RedirectResult("/Sign/In?url=" + filterContext.HttpContext.Request.RawUrl);
return;
}
_roleId = luser.RoleId.ToArray();
_namespace = filterContext.ActionDescriptor.ControllerDescriptor.ControllerType.Namespace;
_actionName = filterContext.ActionDescriptor.ActionName;
_controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerType.Name;
if (AuthorizeCore(filterContext.HttpContext))
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
else
{
filterContext.Result = new RedirectResult("/Sign/In?m=您没有该功能的访问权限!");
return;
}
}
