这个Attribute直接借鉴的弦哥的模型,
这样我们可以对程序进行细化的处理过程.
针对不同的标记进行处理:
/// <summary>
/// Reports whether the action about to execute carries the [Anonymous] marker,
/// i.e. whether it is meant to be reachable without a logged-in user.
/// </summary>
/// <remarks>
/// Only the attributes returned by the action descriptor are inspected; this method
/// does not look at the controller. The result is <c>true</c> only when exactly one
/// marker is returned, so zero markers or more than one are both treated as "not
/// anonymous". AuthorizeCore returns <c>true</c> on a positive result before it
/// checks the session, so every action carrying this marker is effectively public.
/// </remarks>
/// <param name="filterContext">Context of the executing action; its ActionDescriptor is queried.</param>
/// <returns><c>true</c> when exactly one AnonymousAttribute is found; otherwise <c>false</c>.</returns>
public bool CheckAnonymous(ActionExecutingContext filterContext)
{
    // The second argument (true) asks for inherited attributes as well.
    var markers = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AnonymousAttribute), true);

    return markers.Length == 1;
}
/// <summary>
/// Reports whether the action about to execute carries the [LoginAllowView] marker,
/// i.e. whether being logged in is sufficient to call it.
/// </summary>
/// <remarks>
/// Only the attributes returned by the action descriptor are inspected. In the
/// visible part of AuthorizeCore this check runs after the session "UserID" check,
/// and a positive result returns <c>true</c> before the per-user permission
/// validation starts. The marker should therefore only be placed on actions that
/// every authenticated user may call.
/// </remarks>
/// <param name="filterContext">Context of the executing action; its ActionDescriptor is queried.</param>
/// <returns><c>true</c> when exactly one LoginAllowViewAttribute is found; otherwise <c>false</c>.</returns>
public bool CheckLoginAllowView(ActionExecutingContext filterContext)
{
    // The second argument (true) asks for inherited attributes as well.
    var markers = filterContext.ActionDescriptor.GetCustomAttributes(typeof(LoginAllowViewAttribute), true);

    return markers.Length == 1;
}
27:
28: /// <summary>
29: /// //权限判断业务逻辑
30: /// </summary>
31: /// <param name="filterContext"></param>
32: /// <param name="isViewPage">是否是页面</param>
33: /// <returns></returns>
34: protected virtual bool AuthorizeCore(ActionExecutingContext filterContext)
35: {
36:
37: if (filterContext.HttpContext == null)
38: {
39: throw new ArgumentNullException("httpContext");
40: }
41: //验证当前Action是否是匿名访问Action
42: if (CheckAnonymous(filterContext))
43: return true;
44: //未登录验证
45: if (SessionHelper.Get("UserID") == null)
46: {
47: return false;
48: }
49: //验证当前Action是否是登录就可以访问的Action
50: if (CheckLoginAllowView(filterContext))
51: return true;
52:
53: //下面开始用户权限验证
54: var user = new UserService();