public ActionResult Index(){
var t = new ControllerActionInvoker();
var c = new ControllerContext();
return View();
}
/// <summary>
/// Determine if a node is accessible for a user
/// </summary>
/// <param name="context">Current HttpContext</param>
/// <param name="node">Sitemap node</param>
/// <returns>True/false if the node is accessible</returns>
public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!this.SecurityTrimmingEnabled)
return true;
// Is it a regular node? No need for more things to do!
MvcSiteMapNode mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
return base.IsAccessibleToUser(context, node);
// Find current handler
MvcHandler handler = context.Handler as MvcHandler;
if (handler != null)
{
// It's an MvcSiteMapNode, try to figure out the controller class
IController controller = ControllerBuilder.Current.GetControllerFactory().CreateController(handler.RequestContext, mvcNode.Controller);
// Find all AuthorizeAttributes on the controller class and action method
ControllerActionInvoker i = new ControllerActionInvoker();
ArrayList controllerAttributes = new ArrayList(controller.GetType().GetCustomAttributes(typeof(AuthorizeAttribute), true));
ArrayList actionAttributes = new ArrayList();
MethodInfo[] methods = controller.GetType().GetMethods();
foreach (MethodInfo method in methods)
{
object[] attributes = method.GetCustomAttributes(typeof(ActionNameAttribute), true);
if (
(attributes.Length == 0 && method.Name == mvcNode.Action)
|| (attributes.Length > 0 && ((ActionNameAttribute)attributes[0]).Name == mvcNode.Action)
)
{
actionAttributes.AddRange(method.GetCustomAttributes(typeof(AuthorizeAttribute), true));
}
}
// Attributes found?
if (controllerAttributes.Count == 0 && actionAttributes.Count == 0)
return true;
// Find out current principal
IPrincipal principal = handler.RequestContext.HttpContext.User;
// Find out configuration
string roles = "";
string users = "";
if (controllerAttributes.Count > 0)
{
AuthorizeAttribute attribute = controllerAttributes[0] as AuthorizeAttribute;
roles += attribute.Roles;
users += attribute.Users;
}
if (actionAttributes.Count > 0)
{
AuthorizeAttribute attribute = actionAttributes[0] as AuthorizeAttribute;
roles += attribute.Roles;
users += attribute.Users;
}
// Still need security trimming?
if (string.IsNullOrEmpty(roles) && string.IsNullOrEmpty(users) && principal.Identity.IsAuthenticated)
return true;
// Determine if the current user is allowed to access the current node
string[] roleArray = roles.Split(',');
string[] usersArray = users.Split(',');
foreach (string role in roleArray)
{
if (role != "*" && !principal.IsInRole(role)) return false;
}
foreach (string user in usersArray)
{
if (user != "*" && (principal.Identity.Name == "" || principal.Identity.Name != user)) return false;
}
return true;
}
return false;
}
