ASP.Net 身份 2 - 为什么我的过滤器不起作用?

ASP.Net Identity 2 - Why doesn't my filter work?

我已经尝试创建一个简单的过滤器来查看用户是否处于名为 "System Administrator" 的角色中,基本上是必须执行 [Authorize(Roles = "System Administrator")] 的简写。我认为这会相当简单,但我对 MVC 也很陌生,所以也许我忽略了一些东西。

这是我的代码:

using System.Web.Mvc;

namespace site_redesign_web.Filters
{
    public class SystemAdminFilter : ActionFilterAttribute
    {
        string SysAdminRole = "System Administrator";

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext.RequestContext.HttpContext.User != null)
            {
                var userSysAdmin = filterContext.RequestContext.HttpContext.User.IsInRole(SysAdminRole) == true;
                filterContext.ActionParameters["IsSysAdmin"] = userSysAdmin;
            }
        }
    }
}

有人可以告诉我哪里出错了吗?如果此人不是系统管理员,那么一个巨大的优势是将他们引导至 Home/NoPermissions.

谢谢!

由于您正在处理授权,我将扩展 AuthorizeAttribute 而不是 ActionFilterAttribute,这是通用模式。您只需要覆盖一种方法 - HandleUnauthorizedRequest,它在授权失败时执行。 AuthorizeAttribute 的默认实现已经为您处理基于角色的授权。

public class SystemAdminAttribute : AuthorizeAttribute
{
    private const string SysAdminRole = "System Administrator";

    public SystemAdminFilter()
    {   
        //this defines the role that will be used to authorize the user:
        this.Roles = SysAdminRole;
    }  

    //if user is not authorized redirect to "Home/NoPermissions" page
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if(!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
        else
        {
            filterContext.Result = new RedirectToRouteResult(new
               RouteValueDictionary(new { controller = "Home", action = "NoPermissions" }));
         }
     }           
}

实现你的属性后,用它装饰相应的控制器或动作:

[SystemAdmin]
public SysAdminController : Controller
{
}

已更新:修复了所有问题。 AJ。干得好... 终于解决了问题

using ActionFilterAttribute 
using System.Web.Mvc;
namespace site_redesign_web.Filters
{
    public class SystemAdminFilter : ActionFilterAttribute
    {
        string SysAdminRole = "System Administrator";
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext.RequestContext.HttpContext.User != null)
            {
                var userSysAdmin = filterContext.RequestContext.HttpContext.User.IsInRole(SysAdminRole) == true;

            if(!userSysAdmin)
            {
                filterContext.Result = new RedirectToRouteResult(
                    new System.Web.Routing.RouteValueDictionary{
                    {"controller", "Home"},     
                    {"action", "Index"}
                });
            }
            }
        }
    }
}

你的控制器应该是

[SystemAdminFilter]     // at controller level
public SomeController : Controller
{

}

或者您也可以将它用于特定的 Action,方法是像这样注释

public SomeController : Controller
{
    [SystemAdminFilter]     // at Action level
    public ActionResult SomeAction()
    {
            // perform your actions
    }

它会起作用,因为我在 Global.asax

Application_AuthorizeRequest 中手动传递了用户角色 
protected void Application_AuthorizeRequest(Object sender, EventArgs e)
{
     FormsAuthenticationTicket formsAuthenticationTicket = new FormsAuthenticationTicket("Aravind", true, 30);
     FormsIdentity formsIdentityId = new FormsIdentity(formsAuthenticationTicket);
     GenericPrincipal genericPrincipal = new GenericPrincipal(formsIdentityId, new string[] { "SystemUser" }); //TEST with this redirected to Home Index place
     HttpContext.Current.User = genericPrincipal ;
}

我做的下一个测试是用这个 

GenericPrincipal genericPrincipal = new GenericPrincipal(formsIdentityId, new string[] { "System Administrator" }); //TEST with this did not perform an action