protected override bool IsAuthorized(HttpActionContext actionContext)
{
// 这是base.IsAuthorized里的逻辑
//IPrincipal principal = actionContext.ControllerContext.RequestContext.Principal;
//return principal != null && principal.Identity != null
// && principal.Identity.IsAuthenticated &&
// (
// (this._usersSplit.Length <= 0 || ((IEnumerable<string>)this._usersSplit).Contains<string>(principal.Identity.Name, (IEqualityComparer<string>)StringComparer.OrdinalIgnoreCase))
// &&
// (this._rolesSplit.Length <= 0 || ((IEnumerable<string>)this._rolesSplit).Any<string>(new Func<string, bool>(principal.IsInRole)))
// );
// 下在可替换成自己的授权逻辑代码
AuthorizeService authorizeService = new AuthorizeService(new DB());
var resourceName = actionContext.ActionDescriptor.GetCustomAttributes <RBAuthorizeAttribute>().Any()
? actionContext.ActionDescriptor.ActionName
: actionContext.ControllerContext.ControllerDescriptor.ControllerName;
var roleNames = authorizeService.GetResourceRoleNames(resourceName);
IPrincipal principal = actionContext.ControllerContext.RequestContext.Principal;
return(principal != null && principal.Identity != null &&
principal.Identity.IsAuthenticated &&
(
(((IEnumerable <string>)roleNames).Any <string>(new Func <string, bool>(principal.IsInRole)))
));
}
