public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext) { string Role = string.Empty; string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName; string actionName = filterContext.ActionDescriptor.ActionName; //数据库验证当前Controller及Action允许访问的权限 //简单模拟 读取数据库 string MenuPath = "/" + controllerName.ToLower() + "/" + actionName.ToLower(); string CurrentRole = string.Empty; // string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = System.Web.HttpContext.Current.Request.Cookies[cookieName]; FormsAuthenticationTicket authTicket = null; try { authTicket = FormsAuthentication.Decrypt(authCookie.Value); CurrentRole = authTicket.UserData; } catch (Exception ex) { System.Web.HttpContext.Current.Response.Redirect("/Home/Logins"); } if (authTicket == null) { System.Web.HttpContext.Current.Response.Redirect("/Home/Logins"); } else { //数据库验证菜单 if (MenuPath.ToLower() != "/manger/index") { if (!service.CheckRole(MenuPath, CurrentRole)) { System.Web.HttpContext.Current.Response.Redirect("/Home/Logins"); } } } base.OnAuthorization(filterContext); }