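        /// <summary>
        /// Decides whether the current request may reach the action identified by
        /// <c>mControllerName</c>/<c>mActionName</c>. Requests without a forms
        /// authentication cookie are treated as anonymous guests and are allowed only
        /// when the action is listed in <c>mAllPermission</c>; requests carrying a cookie
        /// are checked against the signed-in user's own permissions and denials.
        /// Every refusal sets an HTTP status code on the response and returns <c>false</c>.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns><c>true</c> when access is granted; otherwise <c>false</c>.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            HttpCookie authCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

            // No cookie, or a cookie with an empty value: the caller is an anonymous guest.
            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return AuthorizeGuest(httpContext);
            }

            return AuthorizeSignedInUser(httpContext);
        }

        /// <summary>
        /// Guest path: access is granted only when <c>mAllPermission</c> (a comma-delimited
        /// list with leading and trailing commas) contains both the controller entry and
        /// the controller.action entry; otherwise the response is marked 401.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns><c>true</c> when the anonymous request is allowed.</returns>
        private bool AuthorizeGuest(HttpContextBase httpContext)
        {
            // Ordinal comparison: the entries are identifiers, and the culture-sensitive
            // IndexOf(string) overload can ignore or fold characters, making the match
            // depend on the server culture rather than on the exact token.
            bool controllerListed = mAllPermission.IndexOf("," + mControllerName + ",", StringComparison.Ordinal) >= 0;
            bool actionListed = mAllPermission.IndexOf("," + mControllerName + "." + mActionName + ",", StringComparison.Ordinal) >= 0;

            // NOTE(review): this keeps the original rule, which requires BOTH entries to be
            // present (fail-closed). If the intent is "controller entry OR action entry",
            // this condition is too strict — confirm against how mAllPermission is built.
            if (!controllerListed || !actionListed)
            {
                httpContext.Response.StatusCode = 401; // not signed in
                return false;
            }

            return true;
        }

        /// <summary>
        /// Signed-in path: the principal must be a <c>MyUser</c> holding the "ALL" permission
        /// or a permission for this controller/action, and must not carry an explicit denial
        /// for it. A missing or foreign principal, or any exception while evaluating
        /// permissions, expires the auth cookie and yields 401; an authenticated user
        /// without permission yields 403.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns><c>true</c> when the signed-in user is allowed.</returns>
        private bool AuthorizeSignedInUser(HttpContextBase httpContext)
        {
            try
            {
                MyUser tmpUser = httpContext.User as MyUser;
                if (tmpUser == null)
                {
                    // A cookie was sent but did not produce our principal type: treat the
                    // sign-in state as broken and force a fresh login.
                    ExpireAuthCookie(httpContext);
                    httpContext.Response.StatusCode = 401; // sign-in state is invalid
                    return false;
                }

                bool granted = tmpUser.HavePermission("ALL") || tmpUser.HavePermissionInAction(mControllerName, mActionName);
                if (granted && !tmpUser.HaveDeny(mControllerName, mActionName))
                {
                    return true;
                }

                // NOTE(review): the base AuthorizeAttribute.HandleUnauthorizedRequest may
                // replace this status with 401 unless it is overridden in this class — confirm.
                httpContext.Response.StatusCode = 403; // authenticated but not permitted
                return false;
            }
            catch (Exception)
            {
                // Deliberately fail closed: an error while evaluating the principal
                // invalidates the sign-in instead of granting access.
                ExpireAuthCookie(httpContext);
                httpContext.Response.StatusCode = 401; // sign-in state is invalid
                return false;
            }
        }

        /// <summary>
        /// Asks the browser to drop the forms-authentication cookie by sending it back
        /// with an expiry in the past.
        /// </summary>
        /// <param name="httpContext">Context whose response receives the expired cookie.</param>
        private static void ExpireAuthCookie(HttpContextBase httpContext)
        {
            // On the real response the Cookies indexer creates the cookie when absent, so a
            // Set-Cookie header is always emitted. NOTE(review): FormsAuthentication.SignOut()
            // is the framework equivalent and also keeps path/domain consistent — consider it.
            httpContext.Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.MinValue;
        }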