MVC相当于Webforms“UrlAuthorizationModule.CheckUrlAccessForPrincipal”
所以我有这个控制器:
namespace MyNamespace.Controllers { [Authorize(Roles="Administrator")] public class MyController : Controller public ActionResult Index() { ... 如您所见,只有具有管理员角色的用户才能访问MyController的Action方法。
所以,从其他地方(另一个控制器,我的库类中的另一个类等) ,我如何检查Current.User.Identity.Name是否可以访问MyController?
WebForms的“UrlAuthorizationModule.CheckUrlAccessForPrincipal”之类的东西。
您必须从其他控制器读取信息。 这可以通过实例化其上下文和描述符,然后实例化该控制器的AuthorizationContext并读取filter信息来完成。
这就是你如何做到的
private bool ActionIsAccessibleToUser(string actionName, ControllerBase controllerBase) { // Get controller context. var controllerContext = new ControllerContext(this.ControllerContext.RequestContext, controllerBase); // Get controller descriptor. var controllerDescriptor = new ReflectedControllerDescriptor(controllerBase.GetType()); // Get action descriptor. var actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName); // Check on authorization. return ActionIsAuthorized(actionDescriptor, controllerContext); } private bool ActionIsAuthorized(ActionDescriptor actionDescriptor, ControllerContext controllerContext) { if (actionDescriptor == null) { // Action does not exist. return false; } // Get authorization context fo controller. AuthorizationContext authContext = new AuthorizationContext(controllerContext, actionDescriptor); // run each auth filter until on fails // performance could be improved by some caching var filters = FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor); FilterInfo filterInfo = new FilterInfo(filters); foreach (IAuthorizationFilter authFilter in filterInfo.AuthorizationFilters) { // Attempt authorization. authFilter.OnAuthorization(authContext); // If result is non-null, user is not authorized. if (authContext.Result != null) { return false; } } // Assume user is authorized. return true; }