Our application is migrating from WebForms to MVC. We have another way to handle permissions. A database query is requested to confirm user authorization. This view returns, according to each user, the entire menu hierarchy. For example, if user1 tries to access a page called SecretList.aspx, the search is applied through the menu hierarchy (stored in the HTTP session after authorization) to check access authorization. If a menu item associated with SecretList.aspx exists for this user, access is granted.
My question is: how to implement this approach in ASP.NET MVC 3?
I would not want to add attributes for each Controller action, and I read about route restrictions and the user controller.
To restrict the route, can I access an HTTP session and get my menu hierarchy to request authorization?
In a user controller, which method should be considered when overloading? Can I check the authorization and redirect to another view before the controller executes the full action code?
Any other better idea?
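One way to run the session menu check described in the question before any action code executes, without decorating each action, is a global authorization filter. This is an added example, not part of the original post: the `MenuItem` shape (controller/action pairs instead of `.aspx` page names), the `"MenuHierarchy"` session key and the `SkipMenuCheckAttribute` marker are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
// Hypothetical menu node; the real hierarchy comes from the database view.
public class MenuItem
{
    public string Controller { get; set; }
    public string Action { get; set; }
    public List<MenuItem> Children { get; set; }
}
// Hypothetical marker for the few actions that must stay reachable (login, error).
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class SkipMenuCheckAttribute : Attribute { }
// Register once in Global.asax: GlobalFilters.Filters.Add(new MenuAuthorizationFilter());
public class MenuAuthorizationFilter : IAuthorizationFilter
{
    public const string SessionKey = "MenuHierarchy"; // assumed session key

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        ActionDescriptor action = filterContext.ActionDescriptor;
        if (action.IsDefined(typeof(SkipMenuCheckAttribute), true) ||
            action.ControllerDescriptor.IsDefined(typeof(SkipMenuCheckAttribute), true))
            return;

        var session = filterContext.HttpContext.Session;
        var menu = session == null ? null : session[SessionKey] as IEnumerable<MenuItem>;
        if (menu == null)
        {
            // No hierarchy in session (not logged in or session expired): deny by default.
            filterContext.Result = new HttpUnauthorizedResult();
            return;
        }
        if (!IsInMenu(menu, action.ControllerDescriptor.ControllerName, action.ActionName))
            filterContext.Result = new HttpStatusCodeResult(403); // action body never runs
    }

    private static bool IsInMenu(IEnumerable<MenuItem> items, string controller, string action)
    {
        if (items == null) return false;
        foreach (MenuItem item in items)
        {
            bool match = string.Equals(item.Controller, controller, StringComparison.OrdinalIgnoreCase)
                      && string.Equals(item.Action, action, StringComparison.OrdinalIgnoreCase);
            if (match || IsInMenu(item.Children, controller, action)) return true;
        }
        return false;
    }
}
```

If any action uses `[OutputCache]`, derive from `AuthorizeAttribute` and put the lookup in `AuthorizeCore` instead, since that base class revalidates authorization before a cached response is served.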