2
我想通过创建一个基本控制器并重写OnAuthorization方法来使用我自己的授权。自定义授权
授权失败时工作正常,但当我的检查成功时(但默认授权检查失败),我得到了401页。
protected override void OnAuthorization(AuthorizationContext filterContext)
{
var roleAttribute = typeof(AuthorizeAttribute);
var attributes = filterContext.ActionDescriptor.GetCustomAttributes(roleAttribute, true);
if (attributes.Length == 0)
attributes = GetType().GetCustomAttributes(roleAttribute, true);
if (attributes.Length == 0)
return;
MvcHelper.Authenticate();
foreach (AuthorizeAttribute item in attributes)
{
if (!Thread.CurrentPrincipal.IsInRole(item.Roles))
{
filterContext.Result = new RedirectResult("~/Error/Unauthorized/" + "?MissingRole=" + item.Roles);
return;
}
}
//how do I prevent the default authorization here?
}
我试过filterContext.HttpContext.SkipAuthorization = true;
但它没有帮助。