基本方法是自定义一个继承自AuthorizeAttribute的类，并重写其AuthorizeCore方法：
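/// <summary>
/// Decides whether the current request may proceed. Access is granted when the value
/// returned by <c>GetRole</c> for the signed-in user exactly equals one of the
/// comma-separated entries in <c>Roles</c>; otherwise the decision is left to the base class.
/// </summary>
/// <param name="httpContext">The context of the request being authorized.</param>
/// <returns><c>true</c> if the request is authorized; otherwise <c>false</c>.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new System.ArgumentNullException("httpContext");
    }

    // Anonymous requests have an empty Identity.Name; reject them before touching the
    // database instead of letting the lookup run (and fail) for a non-existent user.
    var user = httpContext.User;
    if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
    {
        return false;
    }

    string currentRole = GetRole(user.Identity.Name);

    // Roles is a comma-separated list. A plain substring test (Roles.Contains) would let
    // "Admin" match "Administrator" and would let an empty role match anything, so each
    // entry is compared as a whole, case-sensitively.
    if (!string.IsNullOrEmpty(currentRole) && !string.IsNullOrEmpty(Roles))
    {
        foreach (string entry in Roles.Split(','))
        {
            if (string.Equals(entry.Trim(), currentRole, System.StringComparison.Ordinal))
            {
                return true;
            }
        }
    }

    // No match from the custom lookup: defer to the framework's standard users/roles check.
    return base.AuthorizeCore(httpContext);
}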
/// <summary>
/// Looks up the student record whose <c>name</c> equals <paramref name="name"/> and returns
/// the value the caller compares against the allowed roles.
/// </summary>
/// <param name="name">The user name to look up.</param>
/// <returns>The <c>name</c> field of the matching student record.</returns>
private string GetRole(string name)
{
    // NOTE(review): if Model1 is a disposable data context, it is never disposed here — confirm
    // and wrap it in a using block.
    var students = new Model1().Students;

    // First() throws when no record matches, so an unknown user name surfaces as an
    // exception rather than as "no role".
    // NOTE(review): this returns the record's name, not a role field, so the authorization
    // check ends up comparing the user name with Roles — confirm that is intended.
    return students.First(record => record.name == name).name;
}
在登录的时候（验证通过后）需要把name写入身份验证Cookie，之后AuthorizeCore中的User.Identity.Name读取的就是这个值：
// Issue the forms-authentication ticket as a session (non-persistent) cookie; the name stored
// here is what httpContext.User.Identity.Name returns on later requests.
// NOTE(review): call this only after the submitted credentials have been verified — that
// check is not shown in this snippet.
FormsAuthentication.SetAuthCookie(userName: stu.name, createPersistentCookie: false);
最后在需要控制访问的action前加上该特性：
// Roles takes a comma-separated list of the values allowed to call this action;
// "****" appears to be the author's placeholder — replace it with the real value(s).
[MyAuthAttribute2(Roles = "****")]