2012-11-30 103 views
1

How to modify the Authorize attribute to allow a group of user roles in MVC 3. In my MVC3 web application I have extended the Authorize attribute as follows:

using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authenticate.IsAuthenticated() is the asker's own helper, not part of ASP.NET.
        if (Authenticate.IsAuthenticated() && httpContext.User.Identity.IsAuthenticated)
        {
            var authCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                // Roles are carried in the forms-auth ticket's UserData, '|'-separated.
                var ticket = FormsAuthentication.Decrypt(authCookie.Value);
                var roles = ticket.UserData.Split('|');
                var identity = new GenericIdentity(ticket.Name);
                httpContext.User = new GenericPrincipal(identity, roles);
            }
        }
        // base.AuthorizeCore checks Users/Roles against the principal set above.
        return base.AuthorizeCore(httpContext);
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!Authenticate.IsAuthenticated())
            HandleUnauthorizedRequest(filterContext);

        base.OnAuthorization(filterContext);
    }
}

In my actions I use it like this:

[MyAuthorize(Roles = "Member,Inspector,SalesRep,Admin,SuperAdmin")]
public ActionResult OrderUpload()

Right now I have to list every user role on every action. What I would like to do instead is specify something like the following:

[MyAuthorize(Roles = "Member")]
public ActionResult OrderUpload()

and have it allow any user role that is equal to or higher than "Member". So "SalesRep" should be allowed, while "Visitor", which is below "Member", should not be.

All user roles are defined in an enum with increasing values:

public enum UserAccountType 
{ 
    Visitor = 5, 
    Member = 10, 
    Inspector = 15, 
    SalesRep = 20, 
    Admin = 25, 
    SuperAdmin = 30 
} 

How do I modify MyAuthorizeAttribute to make this work?

Thanks

Answers

2

Here is the code that worked for me:

using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authenticate.IsAuthenticated() is the asker's own helper, not part of ASP.NET.
        if (!Authenticate.IsAuthenticated() || !httpContext.User.Identity.IsAuthenticated)
            return false;

        var authCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
            return false; // no ticket means no roles: deny instead of dereferencing null below

        var ticket = FormsAuthentication.Decrypt(authCookie.Value);
        string[] roles = ticket.UserData.Split('|');
        var identity = new GenericIdentity(ticket.Name);
        httpContext.User = new GenericPrincipal(identity, roles);

        // [MyAuthorize] with no Roles: any authenticated user may pass.
        if (string.IsNullOrEmpty(Roles))
            return true;

        // Roles given in the MyAuthorize attribute is expected to hold exactly one
        // UserAccountType name (the minimum level). Anything that does not parse as a
        // defined name denies access rather than throwing from inside the filter.
        UserAccountType required, actual;
        if (!Enum.TryParse(Roles.Trim(), out required) || !Enum.IsDefined(typeof(UserAccountType), required))
            return false;
        if (!Enum.TryParse(roles[0].Trim(), out actual) || !Enum.IsDefined(typeof(UserAccountType), actual))
            return false;

        // Hierarchy check: the user's level must be at or above the required level.
        return actual >= required;

        // base.AuthorizeCore is intentionally not called: it would require an exact
        // match against the Roles string, which this check replaces.
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!Authenticate.IsAuthenticated())
            HandleUnauthorizedRequest(filterContext);

        base.OnAuthorization(filterContext);
    }
}
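As an added example (not code from the question or either answer), here is the same "at or above this level" check written to fail closed on every input it cannot trust: a cookie that does not decrypt or has expired, a role name that is not a defined enum member (including case variants such as "admin" and numeric strings such as "30", which Enum.TryParse would otherwise accept), and a user who carries several roles, where the highest one decides. The attribute name MinimumRoleAttribute and its constructor argument are assumptions of this example; the UserAccountType enum and the '|'-separated UserData layout are taken from the question. The comparison itself is a static method so it can be unit tested without an HttpContext.

```csharp
// Added example, not the original poster's or answerer's code.
// Assumes: the UserAccountType enum from the question, and a forms-auth ticket whose
// UserData holds '|'-separated role names, as in the question's code.
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public enum UserAccountType
{
    Visitor = 5, Member = 10, Inspector = 15, SalesRep = 20, Admin = 25, SuperAdmin = 30
}

// Usage (hypothetical name): [MinimumRole(UserAccountType.Member)] public ActionResult OrderUpload()
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public class MinimumRoleAttribute : AuthorizeAttribute
{
    public UserAccountType Minimum { get; private set; }

    public MinimumRoleAttribute(UserAccountType minimum)
    {
        Minimum = minimum;
    }

    // Pure comparison: the highest defined role the user holds must be >= the minimum.
    // Only exact, case-sensitive enum names count; anything else is ignored, so a
    // forged, stale or numeric role string can never raise the user's level.
    public static bool IsAllowed(string[] userRoles, UserAccountType minimum)
    {
        if (userRoles == null || userRoles.Length == 0)
            return false;

        string[] known = Enum.GetNames(typeof(UserAccountType));
        var levels = userRoles
            .Select(r => (r ?? string.Empty).Trim())
            .Where(r => known.Contains(r, StringComparer.Ordinal))
            .Select(r => (UserAccountType)Enum.Parse(typeof(UserAccountType), r))
            .ToList();

        return levels.Count > 0 && levels.Max() >= minimum;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null || !httpContext.User.Identity.IsAuthenticated)
            return false;

        HttpCookie cookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return false;

        FormsAuthenticationTicket ticket;
        try
        {
            // Decrypt validates the ticket's MAC (with protection="All") and throws on
            // a tampered or undecryptable value; treat any failure as "no ticket".
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            return false;
        }
        if (ticket == null || ticket.Expired)
            return false;

        string[] roles = ticket.UserData.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        httpContext.User = new GenericPrincipal(new GenericIdentity(ticket.Name), roles);

        // Base class Users/Roles are deliberately not consulted; the level check replaces them.
        return IsAllowed(roles, Minimum);
    }
}
```

With this shape, IsAllowed(new[] { "SalesRep" }, UserAccountType.Member) is true, IsAllowed(new[] { "Visitor" }, UserAccountType.Member) is false, and IsAllowed(new[] { "Visitor", "Admin" }, UserAccountType.Member) is true because the highest role wins. Returning false from AuthorizeCore makes the base attribute call HandleUnauthorizedRequest, which under forms authentication redirects an already signed-in user to the login page; override HandleUnauthorizedRequest if a 403 page is preferred for that case.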
1

I don't use AuthorizeAttribute but ActionFilter (that's just me, that's how I learned it), but what I would do is add a property to the AuthorizeAttribute that gets updated when the attribute is raised before the action.

using System.Web;
using System.Web.Mvc;

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    private string Role = "";

    public MyAuthorizeAttribute(string role)
    {
        this.Role = role;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // ... (the rest of the check is elided in the original answer)
        // now do a check if the Role is authorized or not using your enum.
        // AuthorizeCore returns bool: true lets the action run, false makes MVC
        // call HandleUnauthorizedRequest, i.e. the error page.
        bool roleIsAuthorized = false; // replace with the enum comparison
        return roleIsAuthorized;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // ... (elided in the original answer)
        base.OnAuthorization(filterContext);
    }
}

Now, once you have the role, look it up in the enum and compare whether that role is allowed to access the page or not; if not, return an error page. Since I'm not familiar with OnAuthorization, I would put this process in AuthorizeCore.

+0

Now how would I convert the string[] role into my enum? By doing a string comparison against all my enum roles? –

+0

Yes. I have my roles in a table and have a collection, so I would do an EF-type SQL query. But if you're using an enum, then yes, look that string up in the enum. – gdubs

+1

I tried the above, and it started throwing errors wherever I hadn't specified any role, e.g. [MyAuthorize]. So I used your idea and came up with my own. I've credited you for pointing out the idea. Please have a look and see if it works for you. –