/// <summary>
/// Index action: instantiates a <c>ControllerActionInvoker</c> and a
/// <c>ControllerContext</c>, then returns the result of <c>View()</c>.
/// </summary>
/// <returns>The <c>ActionResult</c> produced by <c>View()</c>.</returns>
public ActionResult Index()
{
    // Neither object is read again in this method; they are only constructed.
    ControllerActionInvoker invoker = new ControllerActionInvoker();
    ControllerContext controllerContext = new ControllerContext();

    return View();
}
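/// <summary>
/// Determine if a node is accessible for a user by mirroring the Roles/Users
/// settings of the <c>AuthorizeAttribute</c>s declared on the node's controller
/// class and action method(s).
/// </summary>
/// <remarks>
/// This decides only whether the sitemap node is shown. It does not protect the
/// action itself; the request must still be authorized when it is executed.
/// Only the <c>Roles</c> and <c>Users</c> properties are read, so a derived
/// attribute with custom authorization logic is not reproduced here.
/// </remarks>
/// <param name="context">Current HttpContext</param>
/// <param name="node">Sitemap node</param>
/// <returns>True if the node should be shown to the current user, otherwise false</returns>
public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
    // Is security trimming enabled?
    if (!this.SecurityTrimmingEnabled)
        return true;

    // Is it a regular node? Then the base provider decides.
    MvcSiteMapNode mvcNode = node as MvcSiteMapNode;
    if (mvcNode == null)
        return base.IsAccessibleToUser(context, node);

    // Without an MVC handler there is no RequestContext to resolve the
    // controller from, so the node stays hidden (fail closed).
    MvcHandler handler = context.Handler as MvcHandler;
    if (handler == null)
        return false;

    IControllerFactory factory = ControllerBuilder.Current.GetControllerFactory();
    IController controller = factory.CreateController(handler.RequestContext, mvcNode.Controller);

    // A node whose controller cannot be resolved is hidden rather than shown.
    if (controller == null)
        return false;

    // Collect every AuthorizeAttribute that applies to the controller class
    // and to each method exposed under the node's action name.
    ArrayList authorizeAttributes = new ArrayList();
    try
    {
        System.Type controllerType = controller.GetType();
        authorizeAttributes.AddRange(controllerType.GetCustomAttributes(typeof(AuthorizeAttribute), true));

        foreach (MethodInfo method in controllerType.GetMethods())
        {
            object[] actionNames = method.GetCustomAttributes(typeof(ActionNameAttribute), true);
            string exposedName = actionNames.Length > 0
                ? ((ActionNameAttribute)actionNames[0]).Name
                : method.Name;

            // Compare case-insensitively so that a casing difference between the
            // sitemap and the method name cannot make the action's attributes be
            // skipped. Overloads sharing the name all contribute, so the
            // strictest one governs visibility.
            if (string.Equals(exposedName, mvcNode.Action, System.StringComparison.OrdinalIgnoreCase))
                authorizeAttributes.AddRange(method.GetCustomAttributes(typeof(AuthorizeAttribute), true));
        }
    }
    finally
    {
        // The controller was created only for reflection; hand it back to the
        // factory so it is not leaked on every sitemap node evaluation.
        factory.ReleaseController(controller);
    }

    // Attributes found? If not, nothing restricts this node.
    if (authorizeAttributes.Count == 0)
        return true;

    // Every attribute must be satisfied (controller-level AND action-level).
    IPrincipal principal = handler.RequestContext.HttpContext.User;
    foreach (AuthorizeAttribute attribute in authorizeAttributes)
    {
        if (!PrincipalSatisfiesAuthorize(attribute, principal))
            return false;
    }

    return true;
}

/// <summary>
/// Checks one AuthorizeAttribute against a principal: the principal must be
/// authenticated, must match one of the listed users (if any are listed) and
/// must be in at least one of the listed roles (if any are listed).
/// An entry of "*" matches any user or any role respectively.
/// </summary>
private static bool PrincipalSatisfiesAuthorize(AuthorizeAttribute attribute, IPrincipal principal)
{
    // No principal or an anonymous one never satisfies an authorization requirement.
    if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        return false;

    string[] allowedUsers = SplitAuthorizeList(attribute.Users);
    if (allowedUsers.Length > 0)
    {
        bool userMatched = false;
        foreach (string user in allowedUsers)
        {
            if (user == "*" || string.Equals(user, principal.Identity.Name, System.StringComparison.OrdinalIgnoreCase))
            {
                userMatched = true;
                break;
            }
        }
        if (!userMatched)
            return false;
    }

    string[] allowedRoles = SplitAuthorizeList(attribute.Roles);
    if (allowedRoles.Length > 0)
    {
        bool roleMatched = false;
        foreach (string role in allowedRoles)
        {
            if (role == "*" || principal.IsInRole(role))
            {
                roleMatched = true;
                break;
            }
        }
        if (!roleMatched)
            return false;
    }

    return true;
}

/// <summary>
/// Splits a comma-separated Roles/Users value into trimmed, non-empty entries.
/// A null or empty value yields an empty array, so it is never mistaken for a
/// single entry named "".
/// </summary>
private static string[] SplitAuthorizeList(string list)
{
    if (string.IsNullOrEmpty(list))
        return new string[0];

    ArrayList entries = new ArrayList();
    foreach (string raw in list.Split(','))
    {
        string entry = raw.Trim();
        if (entry.Length > 0)
            entries.Add(entry);
    }

    return (string[])entries.ToArray(typeof(string));
}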