Пример #1
0
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            // 这是base.IsAuthorized里的逻辑
            //IPrincipal principal = actionContext.ControllerContext.RequestContext.Principal;
            //return principal != null && principal.Identity != null
            //    && principal.Identity.IsAuthenticated &&
            //    (
            //        (this._usersSplit.Length <= 0 || ((IEnumerable<string>)this._usersSplit).Contains<string>(principal.Identity.Name, (IEqualityComparer<string>)StringComparer.OrdinalIgnoreCase))
            //        &&
            //        (this._rolesSplit.Length <= 0 || ((IEnumerable<string>)this._rolesSplit).Any<string>(new Func<string, bool>(principal.IsInRole)))
            //     );

            // 下在可替换成自己的授权逻辑代码
            AuthorizeService authorizeService = new AuthorizeService(new DB());
            var resourceName = actionContext.ActionDescriptor.GetCustomAttributes <RBAuthorizeAttribute>().Any()
                ? actionContext.ActionDescriptor.ActionName
                : actionContext.ControllerContext.ControllerDescriptor.ControllerName;
            var        roleNames = authorizeService.GetResourceRoleNames(resourceName);
            IPrincipal principal = actionContext.ControllerContext.RequestContext.Principal;

            return(principal != null && principal.Identity != null &&
                   principal.Identity.IsAuthenticated &&
                   (
                       (((IEnumerable <string>)roleNames).Any <string>(new Func <string, bool>(principal.IsInRole)))
                   ));
        }