ASP.NET MVC Authorization based on Route Params
My site allows people to edit posts. I want people to only edit their posts. I'd want an authori开发者_如何学Czation attribute like:
[CanEditPost(PostId = Id)]
ActionResult Edit(int Id) { }
But it seems like parameters to attributes have to be static, which makes this impossible. Is there any way to get around this?
Yes.
If you create an attribute that inherits from AuthorizeAttribute
,
you should be able to access the route parameters by:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var postId = httpContext.Request.RequestContext.RouteData.Values["Id"];
.
.
.
}
精彩评论