定义一个类,继承 ActionFilterAttribute:
using System;
using System.Collections.Generic;using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using System.Configuration;
namespace CMXXXXX
{
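/// <summary>
/// Action filter that sends unauthenticated requests to the logon page and marks
/// the place where a per-controller/action permission check is meant to run.
/// </summary>
/// <remarks>
/// NOTE(review): the permission check itself is not implemented here, so every
/// authenticated user is currently allowed through to every action.
/// Access control placed in an action filter runs after MVC's authorization
/// filters; deriving from AuthorizeAttribute is the conventional place for this
/// logic and also covers responses served from the output cache.
/// </remarks>
public class B_AopRoleFilter : ActionFilterAttribute
{
    private const string LogOnController = "Account";
    private const string LogOnAction = "LogOn";
    private const string LogOnUrl = "/Account/LogOn";

    /// <summary>
    /// Runs before the action method. Anonymous callers are redirected to the
    /// logon page unless they are already requesting it.
    /// </summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Convert.ToString yields an empty string for a missing route value, so a
        // route without controller/action no longer throws NullReferenceException.
        string controller = Convert.ToString(filterContext.RouteData.Values["controller"]);
        string action = Convert.ToString(filterContext.RouteData.Values["action"]);

        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Route values keep the casing of the requested URL, so compare
            // case-insensitively; "/account/logon" is the same action.
            bool isLogOnRequest =
                string.Equals(controller, LogOnController, StringComparison.OrdinalIgnoreCase) &&
                string.Equals(action, LogOnAction, StringComparison.OrdinalIgnoreCase);

            if (!isLogOnRequest)
            {
                // Setting Result makes MVC skip the action method. Writing the
                // redirect straight to the response relied on the response being
                // ended as a side effect to keep the protected action from running.
                filterContext.Result = new RedirectResult(LogOnUrl);
            }

            return;
        }

        // TODO: permission check. The original sketch looks up the permission
        // required for (controller, action) with BLLAdminUser.getCheckPurview,
        // the caller's permissions with getMyPurview, and compares them with
        // inPurview. When the check fails, set filterContext.Result to a
        // "forbidden" result here so the action does not execute (fail closed).

        // Debug output only; remove before deployment. The values are
        // HTML-encoded because they are taken from the request URL.
        filterContext.HttpContext.Response.Write(
            "2、model:" + HttpUtility.HtmlEncode(controller) +
            ";action:" + HttpUtility.HtmlEncode(action) + "<br/>");
    }
}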
}
在 Global.asax.cs 中加入如下 filter:
/// <summary>
/// Adds the filters that should apply to every controller action.
/// </summary>
/// <param name="filters">The application's global filter collection.</param>
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    // MVC's built-in error handling filter.
    var errorHandler = new HandleErrorAttribute();
    filters.Add(errorHandler);

    // Registered globally, so the logon/permission filter runs for all actions,
    // including the logon action itself.
    var roleFilter = new B_AopRoleFilter();
    filters.Add(roleFilter);
}