我在授权方面遇到了一些问题:
AuthorizeWebForm代码在加载页面时有效,我不在admin组中,所以我没有访问权限,这很好。但是刷新页面时,我可以访问页面,刷新时代码AuthorizeWebFormAttribute不会运行。有什么解决办法吗?
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeWebFormAttribute : System.Attribute
{
public AuthorizeWebFormAttribute(string Roles = null)
{
IPrincipal user = HttpContext.Current.User;
if (user.Identity.IsAuthenticated)
{
if (Roles == null)
return;
if (user.IsInRole("admin"))
return;
string[] roleArray = Roles.Split(',');
foreach (var role in roleArray)
{
if (user.IsInRole(role))
return;
}
}
HttpContext.Current.Server.TransferRequest("~/Unauthorized", false);
}
}
namespace Crew
{
[AuthorizeWebForm("admin")]
protected void Page_Load(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(Session["EmpNo_User"].ToString()))
{
Response.Redirect("~/ErrorPage.aspx?CustError=This page expired. Please close the broswer and open again.");
}
Page.MaintainScrollPositionOnPostBack = true;
}
}
非常感谢您!
答案 0 :(得分:0)
您正在这里重新发明轮子。您可以使用一个非常好的Object {
"key": "PastHireDetails",
"params": undefined,
"routeName": "PastHireDetails",
}
类:https://docs.microsoft.com/en-us/dotnet/api/system.web.mvc.authorizeattribute?view=aspnet-mvc-5.2
另外,请参阅https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/roles/role-based-authorization-cs,了解基于角色的安全性。