开发者

ASP.NET MVC Authorization based on Route Params

My site allows people to edit posts. I want people to only edit their posts. I'd want an authori开发者_如何学Czation attribute like:

[CanEditPost(PostId = Id)]
ActionResult Edit(int Id) { }

But it seems like parameters to attributes have to be static, which makes this impossible. Is there any way to get around this?


Yes.

If you create an attribute that inherits from AuthorizeAttribute,

you should be able to access the route parameters by:

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var postId = httpContext.Request.RequestContext.RouteData.Values["Id"];
    .
    .
    .
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜