1. Permission is a login permission, we can rewrite Authorizeattribute to achieve the custom Rights management, rewrite Authorizeattribute inside the Onauthorization method.
Public Override voidonauthorization (AuthorizationContext filtercontext) {Base. Onauthorization (Filtercontext); if(!filterContext.HttpContext.User.Identity.IsAuthenticated) {filterContext.HttpContext.Respons E.redirect ("~/account/login?returnurl="+FILTERCONTEXT.HTTPCONTEXT.REQUEST.RAWURL); return; } varUserName = FilterContext.HttpContext.User.Identity.Name.Split ('|')[0]; if(string. IsNullOrEmpty (UserName))return; Permission entity Open=Get user Rights (UserName); if(permission is present) {//permission does not existFilterContext.HttpContext.Response.Redirect ("~/account/noauthority"); } }
View Code
2. On the landing page just save the landed cook value is OK
Formsauthentication.setauthcookie (userInfo.UserId.ToString () + "|" + userInfo.UserName.ToString (), false);
var returnUrl = request["ReturnUrl"];
Return Redirect (!string. IsNullOrEmpty (RETURNURL)? RETURNURL: "~/");
3. Simply add the rewritten authorizeattribute to each acction.
MVC Privilege Authentication