限制訪問某些路由值

Question

如何防止用戶訪問certail url（例如/ Edit/4）？ ID 4不屬於他，所以我想顯示未經授權的頁面。

我在數據庫中有一個userId字段我可以檢查url中的id是否可以顯示。

我試過了一個自定義authorizeattribute，但我不知道如何訪問發送給actionresult的參數。

public class EditOwnAttribute : AuthorizeAttribute 
{ 
    // Custom property 
    public string Level { get; set; } 
    protected override bool AuthorizeCore(HttpContextBase httpContext) 
    { 
     var isAuthorized = base.AuthorizeCore(httpContext); 
     if (!isAuthorized) 
     { 
      return false; 
     } 




     return false; 
    } 

Answer 1

我用限制與自定義授權訪問過濾器像下面

[FeatureAuthentication(AllowFeature="OverView")] 
    public ActionResult Index() 
    { 
    } 

然後

public class FeatureAuthenticationAttribute : FilterAttribute, IAuthorizationFilter 
{ 
    public FeatureConst AllowFeature { get; set; } 

    public void OnAuthorization(AuthorizationContext filterContext) 
    { 
     //var featureConst = (FeatureConst)filterContext.RouteData.Values["AllowFeature"]; 

     var filterAttribute = filterContext.ActionDescriptor.GetFilterAttributes(true) 
           .Where(a => a.GetType() == typeof(FeatureAuthenticationAttribute)); 
     if (filterAttribute != null) 
     { 
      foreach (FeatureAuthenticationAttribute attr in filterAttribute) 
      { 
       AllowFeature = attr.AllowFeature; 
      } 

      User currentLoggedInUser = (User)filterContext.HttpContext.Session["CurrentUser"]; 
      bool allowed = ACLAccessHelper.IsAccessible(AllowFeature.ToString(), currentLoggedInUser); 
      // do your logic... 
      if (!allowed) 
      { 
       string unAuthorizedUrl = new UrlHelper(filterContext.RequestContext).RouteUrl(new { controller = "home", action = "UnAuthorized" }); 
       filterContext.HttpContext.Response.Redirect(unAuthorizedUrl); 
      } 
     } 
    } 
}