/// <summary> /// 根据当前Controller和Action名称获取对应节点内容 /// </summary> /// <param name="action">Action名称</param> /// <param name="controller">Controller名称</param> /// <returns></returns> public string GetActionRoles(string action, string controller) { using (DataWallContext db = new DataWallContext()) { SysActionRole sysActionRole = db.SysActionRoles.FirstOrDefault(s => s.ControllerName == controller & s.ActionName == action); if (sysActionRole != null) { if (sysActionRole.User != null) { return(sysActionRole.User); } } return(""); } }
/// <summary> /// 提供一个入口点用于自定义授权检查,通过为true /// </summary> /// <param name="filterContext"></param> public override void OnAuthorization(AuthorizationContext filterContext) { using (DataWallContext db = new DataWallContext()) { var Cookies = SecurityHelper.DecryptDES(CookieHelper.GetCookieValue("User"), db.SysProgramInfos.AsNoTracking().FirstOrDefault().CookieSecretKey); string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName; string actionName = filterContext.ActionDescriptor.ActionName; //获取数据库中action允许的角色 string User = GetActionRoles(actionName, controllerName); if (!string.IsNullOrWhiteSpace(User)) { this.AuthRoles = User.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries); } else { this.AuthRoles = new string[] { }; } base.OnAuthorization(filterContext); } }
/// <summary> /// 在请求授权时调用 /// </summary> /// <param name="httpContext"></param> /// <returns></returns> protected override bool AuthorizeCore(HttpContextBase httpContext) { using (DataWallContext db = new DataWallContext()) { if (httpContext == null) { throw new ArgumentNullException("HttpContext"); } if (AuthRoles == null || AuthRoles.Length == 0) { return(false); } #region 确定当前用户角色是否属于指定的角色 //获取当前登陆用户所在角色 var Cookies = SecurityHelper.DecryptDES(CookieHelper.GetCookieValue("User"), db.SysProgramInfos.AsNoTracking().FirstOrDefault().CookieSecretKey); UserCookie user = JsonConvert.DeserializeObject <UserCookie>(Cookies); if (user != null) { //验证用户是否被禁用 if (db.SysUsers.FirstOrDefault(u => u.UserName == user.UserName & u.IsEnable == 0 & u.DelState == 0) != null) { //验证是否属于对应角色 for (int i = 0; i < AuthRoles.Length; i++) { if (user.RoleName.Contains(AuthRoles[i])) { return(true); } } } } #endregion return(false); } }
/// <summary> /// AuthorizeCore返回false时执行 /// </summary> /// <param name="filterContext"></param> protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { using (DataWallContext db = new DataWallContext()) { var Cookies = SecurityHelper.DecryptDES(CookieHelper.GetCookieValue("User"), db.SysProgramInfos.AsNoTracking().FirstOrDefault().CookieSecretKey); base.HandleUnauthorizedRequest(filterContext); if (Cookies.Length != 0) { UserCookie user = JsonConvert.DeserializeObject <UserCookie>(Cookies); //验证用户是否被禁用或删除 if (db.SysUsers.FirstOrDefault(u => u.IsEnable == 0 & u.DelState == 0 & u.UserName == user.UserName) != null) { if (filterContext != null) { filterContext.Result = new JsonResult { Data = new { code = "401", msg = "您没有权限进行该操作!" }, JsonRequestBehavior = JsonRequestBehavior.AllowGet }; } } else { if (filterContext.HttpContext.Request.IsAjaxRequest()) { filterContext.Result = new JsonResult { Data = new { code = "402", msg = "登录超时,请重新登录!", url = "/Admin/Login" }, JsonRequestBehavior = JsonRequestBehavior.AllowGet }; } else { //跳转至登录超时页面 filterContext.Result = new RedirectResult("/Error/ErrorLoginTimeout"); //当前访问页面:filterContext.HttpContext.Request.Url //filterContext.HttpContext.Response.Redirect("/Admin/Login"); } } } else { if (filterContext.HttpContext.Request.IsAjaxRequest()) { filterContext.Result = new JsonResult { Data = new { code = "402", msg = "登录超时,请重新登录!", url = "/Admin/Login" }, JsonRequestBehavior = JsonRequestBehavior.AllowGet }; } else { //跳转至登录超时页面 filterContext.Result = new RedirectResult("/Error/ErrorLoginTimeout"); //当前访问页面:filterContext.HttpContext.Request.Url //filterContext.HttpContext.Response.Redirect("/Admin/Login"); } } } }