public class CheckUserAttribute : ActionFilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext context)
{
if (this.IsAnonymousAction(context)) //是否允许匿名用户访问 [AllowAnonymous]
{
return;
}
if (context.HttpContext.Session["currentUserId"] == null)
{
context.Result = new RedirectToRouteResult(
new RouteValueDictionary{
{ "controller", "Error"},
{ "action", "NotAuthorized"}
});
}
}
#region private method
private bool IsAnonymousAction(AuthorizationContext filterContext)
{
return filterContext.ActionDescriptor
.GetCustomAttributes(inherit: true)
.OfType<AllowAnonymousAttribute>()
.Any();
}
#endregion
}