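/// <summary>
/// MVC authorization entry point. Anonymous callers are redirected to the sign-in page
/// with the requested URL as the return target; signed-in callers have their roles and the
/// target controller/action recorded before <c>AuthorizeCore</c> decides whether to allow
/// the request. On success the response is marked so that proxies do not cache it and the
/// output cache re-runs authorization before serving a cached copy.
/// </summary>
/// <param name="filterContext">The filter context of the action being authorized.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    SigninUser luser = UserHelper.GetSigninUser;
    if (luser == null)
    {
        // RawUrl is server-relative, but it may itself contain '?', '&' or '#'. Escaping it
        // keeps the whole value inside the single "url" query parameter instead of letting
        // it spill into extra parameters on the sign-in URL. The sign-in action is still
        // expected to confirm the target is a local URL before redirecting back to it.
        string returnUrl = Uri.EscapeDataString(filterContext.HttpContext.Request.RawUrl ?? string.Empty);
        filterContext.Result = new RedirectResult("/Sign/In?url=" + returnUrl);
        return;
    }

    // Request-scoped inputs for AuthorizeCore (fields declared elsewhere in this class).
    _roleId = luser.RoleId.ToArray();
    _namespace = filterContext.ActionDescriptor.ControllerDescriptor.ControllerType.Namespace;
    _actionName = filterContext.ActionDescriptor.ActionName;
    _controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerType.Name;

    if (AuthorizeCore(filterContext.HttpContext))
    {
        // ** IMPORTANT **
        // Since we're performing authorization at the action level, the authorization code runs
        // after the output caching module. In the worst case this could allow an authorized user
        // to cause the page to be cached, then an unauthorized user would later be served the
        // cached page. We work around this by telling proxies not to cache the sensitive page,
        // then we hook our custom authorization code into the caching mechanism so that we have
        // the final say on whether a page should be served from the cache.
        HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
        cachePolicy.SetProxyMaxAge(new TimeSpan(0));
        cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
    }
    else
    {
        // Signed in but not permitted: the caller is sent back to the sign-in page with a
        // message (the message itself is a fixed constant, so no escaping is needed here).
        // NOTE(review): a 403 response may be more appropriate than a redirect — confirm with
        // the sign-in page's expectations before changing.
        filterContext.Result = new RedirectResult("/Sign/In?m=您没有该功能的访问权限!");
        return;
    }
}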
/// <summary>
/// Writes the cache settings held by this instance onto <paramref name="policy"/>.
/// Nothing is applied when <c>_hasPolicy</c> is false; otherwise each setting is written
/// only when it was explicitly configured, in a fixed order.
/// </summary>
/// <param name="policy">The response cache policy to configure.</param>
public void Apply(HttpCachePolicyBase policy)
{
    policy.ThrowIfNull("policy");

    if (!_hasPolicy)
    {
        return;
    }

    // Resolve the effective cacheability first; only the three values below are mapped,
    // any other value leaves the policy's cacheability untouched.
    HttpCacheability? effectiveCacheability = null;
    if (_cacheability == HttpCacheability.NoCache)
    {
        effectiveCacheability = _allowsServerCaching == true
            ? HttpCacheability.ServerAndNoCache
            : HttpCacheability.NoCache;
    }
    else if (_cacheability == HttpCacheability.Private)
    {
        effectiveCacheability = _allowsServerCaching == true
            ? HttpCacheability.ServerAndPrivate
            : HttpCacheability.Private;
    }
    else if (_cacheability == HttpCacheability.Public)
    {
        effectiveCacheability = HttpCacheability.Public;
    }

    if (effectiveCacheability.HasValue)
    {
        policy.SetCacheability(effectiveCacheability.Value);
    }

    // Flag-style settings.
    if (_noStore == true)
    {
        policy.SetNoStore();
    }
    if (_noTransforms == true)
    {
        policy.SetNoTransforms();
    }

    // Optional values, applied only when set. Order is kept as originally written.
    if (_clientCacheExpirationUtcTimestamp.HasValue)
    {
        policy.SetExpires(_clientCacheExpirationUtcTimestamp.Value);
    }
    if (_clientCacheMaxAge.HasValue)
    {
        policy.SetMaxAge(_clientCacheMaxAge.Value);
    }
    if (_allowResponseInBrowserHistory.HasValue)
    {
        policy.SetAllowResponseInBrowserHistory(_allowResponseInBrowserHistory.Value);
    }
    if (_eTag != null)
    {
        policy.SetETag(_eTag);
    }
    if (_omitVaryStar.HasValue)
    {
        policy.SetOmitVaryStar(_omitVaryStar.Value);
    }
    if (_proxyMaxAge.HasValue)
    {
        policy.SetProxyMaxAge(_proxyMaxAge.Value);
    }
    if (_revalidation.HasValue)
    {
        policy.SetRevalidation(_revalidation.Value);
    }
}