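I created the following `ActionFilterAttribute` to check whether a user is allowed to access a page. I also created two custom `Exception`s to handle the different scenarios: `NotLoggedInException` and `InsufficientPrivilegeException`.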
ActionFilterAttribute:

```vbnet
Imports System.Web.Mvc

Public Class ValidateAuthentication : Inherits ActionFilterAttribute
    Private _page As BLL.Page

    Public Sub New(ByVal Page As BLL.Page)
        Me._page = Page
    End Sub

    ' Runs before the action method; throws if the user may not see the page.
    Public Overrides Sub OnActionExecuting(ByVal filterContext As System.Web.Mvc.ActionExecutingContext)
        Select Case Me._page.IsAccessibleToUser(filterContext.HttpContext.User)
            Case -1
                Throw New NotLoggedInException()
            Case 0
                Throw New InsufficientPrivilegeException()
            Case 1
                ' Access granted
        End Select
    End Sub
End Class
```
I also have a custom `SiteMapProvider` where I have implemented my own `IsAccessibleToUser` function, so I also have security trimming.

SiteMapProvider:

```vbnet
Public Overrides Function IsAccessibleToUser(ByVal context As System.Web.HttpContext, ByVal node As System.Web.SiteMapNode) As Boolean
    Dim p As New BLL.Page
    p.LoadFromSiteMapNode(node)
    ' Only the "access granted" code (1) makes the node visible.
    Select Case p.IsAccessibleToUser(context.User)
        Case 1
            Return True
        Case Else
            Return False
    End Select
End Function
```
Questions:
- Where do I catch the exceptions to, for instance, redirect users if not authorized?
- Should I perhaps use the SiteMap authorization somewhere else instead of using the ActionFilterAttribute and throwing Exceptions?
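
One way to handle the denied cases inside the filter itself instead of throwing, as an added example that is not part of the original post: setting `filterContext.Result` short-circuits the action, and a `Case Else` branch denies on any unexpected return code rather than letting the action run. `PageAccess.Check`, the string page key, and the `Error`/`AccessDenied` route are hypothetical stand-ins for the post's `BLL.Page.IsAccessibleToUser` and the site's own routes.

```vbnet
Imports System.Security.Principal
Imports System.Web.Mvc
Imports System.Web.Routing

' Added example. PageAccess and its stub rule are hypothetical stand-ins for
' the post's BLL.Page.IsAccessibleToUser and its -1 / 0 / 1 return codes.
Public Module PageAccess
    Public Function Check(ByVal pageKey As String, ByVal user As IPrincipal) As Integer
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated Then Return -1
        If Not user.IsInRole(pageKey) Then Return 0   ' constructed rule: role name = page key
        Return 1
    End Function
End Module

Public Class ValidateAuthenticationAttribute
    Inherits ActionFilterAttribute

    Private ReadOnly _pageKey As String

    ' Attribute arguments must be compile-time constants, so take a key.
    Public Sub New(ByVal pageKey As String)
        _pageKey = pageKey
    End Sub

    Public Overrides Sub OnActionExecuting(ByVal filterContext As ActionExecutingContext)
        Select Case PageAccess.Check(_pageKey, filterContext.HttpContext.User)
            Case 1
                ' Access granted: leave Result unset so the action runs.
            Case -1
                ' Not logged in: 401. Forms authentication turns this into
                ' a redirect to the configured login page.
                filterContext.Result = New HttpUnauthorizedResult()
            Case Else
                ' Logged in but not permitted (0), or an unexpected code:
                ' deny by default and send the user to a hypothetical route.
                filterContext.Result = New RedirectToRouteResult(
                    New RouteValueDictionary(
                        New With {.controller = "Error", .action = "AccessDenied"}))
        End Select
    End Sub
End Class
```

Applied as `<ValidateAuthentication("Reports")>` on a controller or action, the filter never lets the action body execute once `Result` has been set.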