I have a custom SiteMapProvider
(populated from database) and a custom AuthorizeAttribute
(validates current users roles + requested page against Role_Page database) for controller classes.
I have to implement the function SiteMapProvider.IsAccessibleToUser(context, node)
. I also have to implement AuthorizeAttribute.AuthorizeCore(context)
.
How are these two functions related? Isn't there some way to 'attribute' the SiteMapProvider?
Some code:
edit: Might this be a solution (inside AuthorizeCore()
)? context
however is HttpContextBase
, and IsAccessibleToUser()
only takes HttpContext
as parameter.
If Not SiteMap.Provider.IsAccessibleToUser(context, SiteMap.CurrentNode) Then
current code:
Public Class CustomValidateAuthorization : Inherits AuthorizeAttribute
Public Sub New()
End Sub
Protected Overrides Function AuthorizeCore(ByVal httpContext As System.Web.HttpContextBase) As Boolean
If Not Global.Page.IsAccessib开发者_运维知识库leToUser(httpContext.User) Then
//Exception or redirect (in exception)?
// or return false?
End If
Return True
End Function
End Class
Public Class CustomSiteMapProvider : Inherits StaticSiteMapProvider
Public Overrides Function IsAccessibleToUser(ByVal context As System.Web.HttpContext, ByVal node As System.Web.SiteMapNode) As Boolean
Dim p As New BLL.Page
p.LoadFromSiteMapNode(node)
Return p.IsAccessibleToUser(context.User)
End Function
End Class
I currently use the default sitemapprovider twice.
精彩评论