开发者

custom AuthorizeAttribute + custom SiteMapProvider related?

开发者 https://www.devze.com 2022-12-16 00:35 出处:网络
I have a custom SiteMapProvider (populated from database) and a custom AuthorizeAttribute (validates current users roles + requested page against Role_Page database) for controller classes.

I have a custom SiteMapProvider (populated from database) and a custom AuthorizeAttribute (validates current users roles + requested page against Role_Page database) for controller classes.

I have to implement the function SiteMapProvider.IsAccessibleToUser(context, node). I also have to implement AuthorizeAttribute.AuthorizeCore(context).

How are these two functions related? Isn't there some way to 'attribute' the SiteMapProvider?

Some code:


edit: Might this be a solution (inside AuthorizeCore())? context however is HttpContextBase, and IsAccessibleToUser() only takes HttpContext as parameter.

If Not SiteMap.Provider.IsAccessibleToUser(context, SiteMap.CurrentNode) Then

current code:

Public Class CustomValidateAuthorization : Inherits AuthorizeAttribute
    Public Sub New()

    End Sub

    Protected Overrides Function AuthorizeCore(ByVal httpContext As System.Web.HttpContextBase) As Boolean
        If Not Global.Page.IsAccessib开发者_运维知识库leToUser(httpContext.User) Then
            //Exception or redirect (in exception)?
            // or return false?
        End If

        Return True
    End Function
End Class

Public Class CustomSiteMapProvider : Inherits StaticSiteMapProvider
Public Overrides Function IsAccessibleToUser(ByVal context As System.Web.HttpContext, ByVal node As System.Web.SiteMapNode) As Boolean
    Dim p As New BLL.Page
    p.LoadFromSiteMapNode(node)

    Return p.IsAccessibleToUser(context.User)
End Function
End Class


I currently use the default sitemapprovider twice.

0

精彩评论

暂无评论...
验证码 换一张
取 消