The company intends to go from WebForm to the MVC architecture, and what has plagued me is the issue of permissions control. For each module, you need to determine whether the user has access permissions, each user's permissions are different, there is no way to use role permissions to control. After drawing on the implementation of WebForm and the example application of MVC, I think of the implementation of custom attribute, the implementation code is as follows:
1 Public Sealed classFunctionfilterattribute:actionfilterattribute2 {3 Private string_functionid;4 PublicFunctionfilterattribute (stringfuncid)5 {6 This. _functionid =Funcid;7 }9 Public Override voidonactionexecuting (actionexecutingcontext filtercontext)Ten { OneHttpContextBase context =Filtercontext.httpcontext; Ailist<string> ids = (ilist<string>) context. session["ID"]; - if(ids = =NULL|| !IDs. Contains (_functionid)) - { theContext. Response.Write ("<script>alert (' no ') </script>"); - } - Base. OnActionExecuting (filtercontext); - } +}
The calling method is to mark the action in front of the desired permission or before the controller, as follows:
1 [Functionfilter ("001")]2 public ActionResult Index ()
Or:
1 [Functionfilter ("002")]2 Public Class Accountcontroller:controller
The value passed in is the permission ID that needs to be judged
About ASP. NET MVC permission control, implemented by custom attribute attribute