我認爲你可以添加一個公共屬性到你的自定義AuthorizeAttribute。
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
/// <summary>
/// Add the allowed roles to this property.
/// </summary>
public YourCustomRoles RequiredRole;
public int YourCustomValue;
/// <summary>
/// Checks to see if the user is authenticated and has the
/// correct role to access a particular view.
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null) throw new ArgumentNullException("httpContext");
// Make sure the user is authenticated.
if (httpContext.User.Identity.IsAuthenticated == false) return false;
// Can use your properties if needed and do your checks
bool authorized = DoSomeCustomChecksHere();
return authorized;
}
}
用法我想會(還沒有嘗試過,雖然):
[CustomAuthorizeAttribute (RequiredRole=MyCustomRole.Role1 | MyCustomRole.Role2, YourCustomValue=1234)]
是可行的,例如[Authorize.IsInRole( 「XXX」)控制器之前,過濾器? thnx – DucDigital 2009-09-20 04:22:36
感謝您的這一點,只需將其實施到我的新授權類,並在控制器過濾器中調用它。 :) – DucDigital 2009-09-20 19:20:43