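/// <summary>
/// Session-based authorization filter. A request without a session user id is sent to the
/// login page; a logged-in user whose action is not exempted by <c>checkAction</c> is checked
/// against the cached permission list and sent to the 403 page when none of the attribute's
/// <c>PermissionIDs</c> match.
/// </summary>
/// <param name="filterContext">Authorization context of the request being filtered.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // Child actions are rendered inside a parent request that already passed this filter,
    // so they are not re-checked here (as in the original implementation).
    if (filterContext.IsChildAction)
    {
        return;
    }

    // [AllowAnonymous] on the action or controller bypasses every check below.
    if (filterContext.HasAttribute(typeof(AllowAnonymousAttribute)))
    {
        return;
    }

    // Route segments are identifiers, not user-visible text: normalise them with the invariant
    // culture so the comparison does not depend on the server's culture (culture-sensitive
    // ToLower() maps 'I' differently under e.g. Turkish cultures). Convert.ToString yields ""
    // for a missing token instead of throwing on a null route value.
    string area = Convert.ToString(filterContext.RouteData.DataTokens["area"]).ToLowerInvariant();
    string controller = Convert.ToString(filterContext.RouteData.Values["controller"]).ToLowerInvariant();
    string action = Convert.ToString(filterContext.RouteData.Values["action"]).ToLowerInvariant();

    // Presence of the user id in session is the only "logged in" signal this filter uses.
    object sessionUserId = HttpContext.Current.Session[SessionConstant.userid];
    if (sessionUserId == null)
    {
        // No session: drop any forms ticket, remember the requested URL for the post-login
        // redirect, and send the user to the login page.
        FormsAuthentication.SignOut();
        HttpContext.Current.Session[SessionConstant.SessionPreviousUrl] = filterContext.HttpContext.Request.Url;
        filterContext.RedirectToLogin();
        return;
    }

    // Actions accepted by checkAction need no per-user permission check — presumably a
    // static allow-list keyed on area/controller/action/verb; confirm in HDBH.Lib.Library.
    string httpMethod = HttpContext.Current.Request.HttpMethod;
    if (HDBH.Lib.Library.checkAction(area, controller, action, httpMethod))
    {
        return;
    }

    string currentUrl = "/" + area + "/" + controller + "/" + action;
    var userPermissions = _cached.Get<List<UserLoginPermission>>(CachedKey.loginModuleKeyCache + RDAuthorize.UserId);
    if (userPermissions == null || !userPermissions.Any())
    {
        // The permission cache is missing or empty (e.g. evicted): force a fresh login so it
        // is rebuilt. Returning here is the fix — the original fell through to the 403 branch
        // after this call, so the second redirect overwrote the login redirect and a spurious
        // permission error was logged.
        filterContext.RedirectToLogin();
        return;
    }

    // Permission codes are compared case-insensitively after trimming, as in the original;
    // the invariant upper-casing keeps that comparison culture-independent.
    bool isAllowAccess = userPermissions.Any(
        x => PermissionIDs.Contains(x.permissionCode.ToUpperInvariant().Trim()));
    if (!isAllowAccess)
    {
        // Denied requests are logged with URL and user id so authorization failures are auditable.
        HDBH.Log.WriteLog.Error("Permission => " + currentUrl + " - User: " + RDAuthorize.UserId, null);
        filterContext.RedirectTo403();
    }
}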
/// <summary>
/// Lightweight authorization filter: actions marked anonymous pass through, a request without
/// a session user id is redirected to the login page, and any other request is left untouched.
/// </summary>
/// <param name="filterContext">Authorization context of the request being filtered.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    bool anonymousAllowed = filterContext.HasAttribute(typeof(AllowAnonymousAttribute));
    if (anonymousAllowed)
    {
        return;
    }

    // Presence of the user id in session is the only "logged in" signal this filter uses.
    object sessionUserId = HttpContext.Current.Session[SessionConstant.userid];
    if (sessionUserId != null)
    {
        // The original evaluated NonCheckAction() for a logged-in user and then ended either
        // way; its result does not change the outcome, so the call is kept only in case it has
        // side effects — TODO confirm.
        filterContext.NonCheckAction();
        return;
    }

    filterContext.RedirectToLogin();
}