Using action parameters in custom Authorization Attribute in ASP.NET MVC3

前端未结

关注

 4  1529

I have a controller which should only request authorization when loaded with specific parameters. Like when the parameter ID is 8 for example.

I came up with using a

相关标签:

4条回答

予麋鹿

2020-12-13 20:21

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var rd = httpContext.Request.RequestContext.RouteData;
        string currentAction = rd.GetRequiredString("action");
        string actionparam =Convert.ToString(rd.Values["param"]);

        if (id == actionparam)
        {
            return base.AuthorizeCore(httpContext);
        }
return true;
 }

0 讨论(0)

借酒劲吻你

2020-12-13 20:24

You need something like this.

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        int? id = GetId(filterContext);

        if (id.HasValue)
        {
          ...
        }
    }

    private static int? GetId(ActionExecutingContext filterContext)
    {
        int? Id = null;

        if (filterContext.ActionParameters.ContainsKey("Id"))
        {
            Id = (int?)filterContext.ActionParameters["Id"];
        }
    }

0 讨论(0)

一整个雨季

2020-12-13 20:25

As long as AuthorizeAttribute is being inherited, you can get your parameter from AuthorizationContext, as follows:

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        string idParam = filterContext.Controller.ValueProvider.GetValue("id").AttemptedValue;
        int id;

        if (int.TryParse(idParam, out id))
        {
            if (id == 8) // apply your business logic here
                return;
        }

        filterContext.Result = new HttpUnauthorizedResult();
    }
}

[MyAuthorize]
public ActionResult Protected(int id)
{
    return View();
}

The ValueProvider will iterate through all registered providers that by default includes RouteDataValueProvider, QueryStringValueProvider and FormValueProvider, and do all the work for you.

Otherwise I recommend using ActionFilterAttribute.

0 讨论(0)

攒了一身酷

2020-12-13 20:31

If the id is passed as request parameter (GET or POST) or as a route data parameter:

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // first look at routedata then at request parameter:
    var id = (httpContext.Request.RequestContext.RouteData.Values["id"] as string) 
             ??
             (httpContext.Request["id"] as string);
    if (id == "8")
    {
        return base.AuthorizeCore(httpContext);
    }
    return true;
}

0 讨论(0)