mvc 自定义 AuthorizeAttribute 验证逻辑

public class AuthorizationFilterAttribute : AuthorizeAttribute
{
Dictionary<string, string> roles = new Dictionary<string, string>() {
{"1","/Home/Index"},
{"2",""},
};

/// <summary>
/// 自定义验证逻辑 返回false时 才会执行HandleUnauthorizedRequest
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var id = Convert.ToString(httpContext.Request.QueryString["id"]);

if (id == null || !roles.ContainsKey(id))
return false;

string controller = Convert.ToString(httpContext.Request.RequestContext.RouteData.Values["controller"]);
string action = Convert.ToString(httpContext.Request.RequestContext.RouteData.Values["action"]);

return string.Compare(roles[id], string.Format("/{0}/{1}", controller, action), true) == 0;
}

public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
UrlHelper url = new UrlHelper(filterContext.HttpContext.Request.RequestContext);
filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;

filterContext.Result = new RedirectResult(url.Action("login", "home"));
}
}

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new AuthorizationFilterAttribute());
filters.Add(new HandleErrorAttribute());
}

filterContext.Result只要不为空Action就会终止。直接响应请求。