
Check if session exists via ActionFilter

I have a project that I've built without using the default template; instead I did everything from the beginning.

Now I need to implement checks for admin and I don't think that

public ActionResult someAction()
{
   if (session exists)
   {
      // do it
   }
   else
   {
      //redirect back or show 403
   }
}

is a good idea on every delete/edit/create actions.

What I want to do instead is build an action filter that will check if an admin session exists, and if there is no session it will redirect to 403 or something like that.

[AdminCheck]   
public ActionResult someAction()
{
   // do it
}

However, I don't know how to do that. I've done some research and put it up, but I have no idea how to implement functionality in it.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace stevePortfolio.Infrastructure
{
    public class AdminCheck : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
            // No idea what to write here...
        }
    }
}


You should use the AuthorizeAttribute for this. You can use it out of the box to check if the user is a member of a specific role like this:

[Authorize(Roles = "IsAdmin")]   
public ActionResult DoStuff()
{
   //action body
}

Or you can subclass it if you need more complexity and put in the required code.

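public class AuthorizeByRightAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
    {
        // Runs the built-in Users/Roles checks first.
        var authorized = base.AuthorizeCore(httpContext);
        // Note: `controller` is not declared in this snippet; it is assumed
        // to be a member defined elsewhere in the class.
        if (authorized && controller != null)
        {
            // Return true or false based on some criteria
        }

        // Deny by default when no check above granted access.
        return false;
    }
}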

You can then handle an unauthorized request any way you want. The example below does it by issuing an HTTP status code 403 and a JsonResult for my ajax methods to check, or for normal http requests, redirects to the "Not Authorized" page.

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (!controller.PortalSession.ValidSession)
    {
        base.HandleUnauthorizedRequest(filterContext);
    }
    else
    {
        if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
        {
            //base.HandleUnauthorizedRequest(filterContext);
            filterContext.RequestContext.HttpContext.Response.StatusCode = 403;
            var result = new JsonResult();
            result.Data = new {Success=false};
            result.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
            filterContext.Result = result;
            return;
        }

        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
                {
                    {"controller", MVC.Login.Name},
                    {"action", MVC.Login.ActionNames.NotAuthorized},
                    {"group", RequiredRole}
                });
    }
}


That's what the Authorize attribute in ASP.NET MVC is for:

[Authorize(Roles = "adminRole")]   
public ActionResult someAction()
{
   // do it
}

What it does is basically a call to HttpContext.Current.User.IsInRole("Admin").

To set the roles you need a RoleProvider: http://msdn.microsoft.com/en-us/library/system.web.security.roleprovider.aspx

You can also check for users:

[Authorize(Users = "Admin1,Admin2")]   
public ActionResult someAction()
{
   // do it
}
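
The session check the question asks for, written as an AuthorizeAttribute subclass along the lines the first answer suggests. This is an added example, not code from the question or the answers; the session key "IsAdmin", the attribute name AdminSessionAttribute and the controller AdminPostsController are assumptions made for illustration.

```csharp
using System.Web;
using System.Web.Mvc;

namespace stevePortfolio.Infrastructure
{
    // Added example. Assumption: the login action sets Session["IsAdmin"] = true
    // only after it has verified the admin's credentials (hypothetical key name).
    public class AdminSessionAttribute : AuthorizeAttribute
    {
        private const string AdminSessionKey = "IsAdmin";

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // base.AuthorizeCore is deliberately not called: it requires an
            // authenticated User principal, which the session-only login
            // assumed here does not set.
            // Session is null when session state is unavailable for the request,
            // so null, a missing key and a non-bool value all deny access.
            var session = httpContext.Session;
            return session != null && (session[AdminSessionKey] as bool?) == true;
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            // The default result is 401, which Forms Authentication rewrites into
            // a redirect to the login page; the question asks for a 403 instead.
            filterContext.Result = new HttpStatusCodeResult(403, "Admin session required");
        }
    }

    // Hypothetical controller: one attribute on the class guards every action,
    // so a newly added delete/edit/create action cannot be left unprotected.
    [AdminSession]
    public class AdminPostsController : Controller
    {
        [HttpPost]
        public ActionResult Delete(int id)
        {
            // ... delete the record identified by id ...
            return RedirectToAction("Index");
        }
    }
}
```

Because the check lives in AuthorizeCore, it runs before model binding and before any action filter, and the framework re-runs it when a response is served from the output cache.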
