效果圖:
如果沒有權限時,顯示:
代碼:
public class AuthorizeAdminAttribute : TypeFilterAttribute { #region 字段 private readonly bool _ignoreFilter; #endregion #region 構造函數 /// <summary> /// 構造函數 /// </summary> /// <param name="ignore">是否忽略過濾。默認為false</param> public AuthorizeAdminAttribute(bool ignore = false) : base(typeof(AuthorizeAdminFilter)) { this._ignoreFilter = ignore; this.Arguments = new object[] { ignore }; } #endregion #region 屬性 /// <summary> /// 獲取是否忽略過濾? /// </summary> public bool IgnoreFilter => _ignoreFilter; #endregion #region 內部過濾器 /// <summary> /// 管理員授權過濾器 /// </summary> private class AuthorizeAdminFilter : IAuthorizationFilter { #region 字段 private readonly bool _ignoreFilter; //private readonly IPermissionService _permissionService; //假設這個 IPermissionService 是我們業務上需要訪問數據庫獲取用戶是否有權限訪問的類。 #endregion #region 構造函數 public AuthorizeAdminFilter(bool ignoreFilter /*, IPermissionService permissionService*/ ) { this._ignoreFilter = ignoreFilter; //this._permissionService = permissionService; } #endregion #region 方法 public void OnAuthorization(AuthorizationFilterContext filterContext) { if (filterContext == null) throw new ArgumentNullException(nameof(filterContext)); //檢查是否已經被 Action 方法重寫了 var actionFilter = filterContext.ActionDescriptor.FilterDescriptors .Where(filterDescriptor => filterDescriptor.Scope == FilterScope.Action) .Select(filterDescriptor => filterDescriptor.Filter).OfType<AuthorizeAdminAttribute>().FirstOrDefault(); if (actionFilter?.IgnoreFilter ?? _ignoreFilter) return; if (filterContext.Filters.Any(filter => filter is AuthorizeAdminFilter)) { //下面是訪問自定義的服務,獲取當前登錄用戶是否有權限訪問 //bool hasPermission = _permissionService.Authorize(StandardPermissionProvider.AccessAdminPanel); bool hasPermission = new Random().Next(1, 11) > 5 ? true : false; if (!hasPermission) filterContext.Result = new ChallengeResult(); } } #endregion } #endregion }
使用方法:
謝謝瀏覽!