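/// <summary>
/// Admin-only page. Renders the default view for a caller whose forms
/// authentication ticket lists the "Admin" role, and the "Youjinbulai"
/// view (with <c>ViewBag.Authorize</c> set to false) for everyone else.
/// </summary>
/// <returns>The default view for admins, otherwise the "Youjinbulai" view.</returns>
[Authorize(Roles = "Admin")] // only users in the Admin role may call this action
public ActionResult Likjinbulai() // the page that permissions are being set on
{
    // [Authorize(Roles = ...)] is evaluated through User.IsInRole before this body runs.
    // The check below is a second, independent look at the ticket itself.
    // "as" instead of a hard cast: a non-forms identity is treated as "not admin"
    // rather than surfacing an InvalidCastException.
    FormsIdentity id = HttpContext.User.Identity as FormsIdentity;

    bool isAdmin = false;
    if (id != null && id.Ticket != null && !string.IsNullOrEmpty(id.Ticket.UserData))
    {
        // Compare whole role names. A substring test on the raw UserData string would
        // also accept any role whose name merely contains "Admin".
        // Both ',' and ';' are accepted because both separators appear in this listing.
        string[] roleNames = id.Ticket.UserData.Split(
            new[] { ',', ';' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (string roleName in roleNames)
        {
            if (string.Equals(roleName.Trim(), "Admin", StringComparison.Ordinal))
            {
                isAdmin = true;
                break;
            }
        }
    }

    if (isAdmin)
    {
        return View();
    }

    // Insufficient rights: send the caller to the error page.
    // The "Youjinbulai" view is expected to contain the following Razor snippet:
    //
    // @if (@ViewBag.Authorize != null)
    // {
    //     if (!(@ViewBag.Authorize))
    //     {
    //         <script type="text/javascript">
    //             $(function () {
    //                 alert("You do not have permission");
    //             });
    //         </script>
    //     }
    // }
    ViewBag.Authorize = false;
    return View("Youjinbulai");
}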
// Login handling action
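/// <summary>
/// Validates the submitted credentials and, on success, issues a forms
/// authentication ticket as a cookie. The role string is stored in the
/// ticket's UserData so that Application_AuthenticateRequest can rebuild
/// the principal with roles on later requests.
/// </summary>
/// <param name="userName">Login name submitted by the client.</param>
/// <param name="userpwd">Password submitted by the client.</param>
/// <param name="role">Role string written into the ticket (see the review note in the body).</param>
/// <returns>The "Youjinbulai" view.</returns>
public ActionResult Loginhandler(string userName, string userpwd, string role)
{
    // ---- MVC ----
    if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(userpwd))
    {
        return View("Youjinbulai");
    }

    // No ticket may be issued before the credentials have been checked.
    // ValidUser is the check used by the Web Forms variant below; the arguments are
    // trimmed the same way that variant trims them.
    // NOTE(review): assumes ValidUser returns null for bad credentials - confirm.
    string loginName = userName.Trim();
    Usermodel um = ValidUser(loginName, userpwd.Trim());
    if (um == null)
    {
        return View("Youjinbulai");
    }

    // NOTE(review): 'role' is bound from the request, so the caller chooses the role
    // that ends up in the ticket. After validation the roles must be read from the
    // user's database record (um) instead; Usermodel's members are not visible in
    // this listing, so that lookup is left as a TODO and 'role' must not be trusted
    // until it is replaced.
    DateTime issuedAt = DateTime.Now;
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        loginName,                // user name of the logged-in user
        issuedAt,
        issuedAt.AddMinutes(20),
        true,                     // persistent: stored on the client
        role ?? string.Empty);    // role string of the logged-in user

    // Encrypt the authentication ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // Build the cookie that carries the ticket.
    System.Web.HttpCookie authCookie =
        new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authCookie.Expires = authTicket.Expiration;          // same lifetime as the ticket
    authCookie.HttpOnly = true;                          // keep the ticket away from page script
    authCookie.Secure = FormsAuthentication.RequireSSL;  // follow the configured requireSSL setting
    authCookie.Path = FormsAuthentication.FormsCookiePath;

    // Add the prepared cookie to the response.
    System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);

    // ---- Web Forms ----
    // Equivalent code for a Web Forms page. It is kept as a comment: running both
    // variants in one action would issue two tickets with different lifetimes.
    //
    // FormsAuthentication.Initialize();
    // // Validate the input and load the user; TxtName is the user name box,
    // // TxtPassword is the password box.
    // Usermodel um = ValidUser(TxtName.Text.Trim(), TxtPassword.Text.Trim());
    // // Create the authentication ticket.
    // FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    //     UserName,
    //     DateTime.Now,
    //     DateTime.Now.AddMinutes(30),
    //     true,
    //     role, // the role string that the user belongs to
    //     FormsAuthentication.FormsCookiePath);
    // // Encrypt the authentication ticket.
    // string hash = FormsAuthentication.Encrypt(ticket);
    // // Create the cookie to send to the client.
    // HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
    // if (ticket.IsPersistent)
    // {
    //     cookie.Expires = ticket.Expiration;
    // }
    // // Add the prepared cookie to the response.
    // Response.Cookies.Add(cookie);
    // // Forward to the originally requested page.
    // Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName, false));

    return View("Youjinbulai");
}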
// Sign out: cancel the authentication ticket
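/// <summary>
/// Signs the current user out of forms authentication and returns a small
/// script that confirms the sign-out to the user.
/// </summary>
/// <returns>A JavaScript result that shows the confirmation message.</returns>
public ActionResult Clearticket()
{
    // Removes the forms authentication cookie from the browser. Forms tickets are
    // not tracked on the server, so a copy of the ticket that was taken earlier
    // stays usable until the ticket's own expiration time; keep ticket lifetimes short.
    FormsAuthentication.SignOut();

    // The quotes inside the literal are balanced so that the emitted script is valid.
    string script = "alert('You have safely exited!');";
    return JavaScript(script);
}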
// The following goes in Global.asax
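/// <summary>
/// Runs on every request. For a user authenticated by forms authentication it
/// reads the role string from the ticket's UserData and replaces the current
/// principal with a GenericPrincipal that carries those roles, so that
/// role checks such as [Authorize(Roles = ...)] can be answered.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // ---- MVC variant (kept commented out, as in the original listing) ----
    // HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    // if (authCookie == null || authCookie.Value == "")
    // {
    //     return;
    // }
    // FormsAuthenticationTicket authTicket = null;
    // try
    // {
    //     authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    // }
    // catch
    // {
    //     return;
    // }
    // string[] roles = authTicket.UserData.Split(new char[] { ';' });
    // if (Context.User != null)
    // {
    //     Context.User = new System.Security.Principal.GenericPrincipal(Context.User.Identity, roles);
    // }

    // ---- Web Forms variant ----
    System.Security.Principal.IPrincipal current = HttpContext.Current.User;
    if (current == null || !current.Identity.IsAuthenticated)
    {
        return;
    }

    FormsIdentity id = current.Identity as FormsIdentity;
    if (id == null)
    {
        // Authenticated by some other mechanism: leave the principal untouched.
        return;
    }

    // The roles are trusted only because they come out of the decrypted ticket.
    // NOTE(review): that relies on the forms ticket being encrypted and validated
    // (the "protection" setting) and on the machine key staying secret - confirm
    // the configuration.
    FormsAuthenticationTicket ticket = id.Ticket;
    string userData = ticket.UserData ?? string.Empty;

    // Accept ',' and ';' (both appear in this listing) and drop empty or
    // whitespace-only entries so that an empty UserData yields no roles at all.
    System.Collections.Generic.List<string> roleList = new System.Collections.Generic.List<string>();
    foreach (string part in userData.Split(new[] { ',', ';' }, StringSplitOptions.RemoveEmptyEntries))
    {
        string roleName = part.Trim();
        if (roleName.Length > 0)
        {
            roleList.Add(roleName);
        }
    }
    string[] roles = roleList.ToArray();

    // Rebuild HttpContext.Current.User with the array of roles the user holds.
    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
}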
Permission Validation MVC