1.權(quán)限控制使用controller和 action來(lái)實(shí)現(xiàn)，權(quán)限方式有很多種，最近開(kāi)發(fā)項(xiàng)目使用控制控制器方式實(shí)現(xiàn)代碼如下

/// <summary>/// 用戶權(quán)限控制/// </summary>public class UserAuthorize : AuthorizeAttribute{  /// <summary>  /// 授權(quán)失敗時(shí)呈現(xiàn)的視圖  /// </summary>  public string AuthorizationFailView { get; set; }  /// <summary>  /// 請(qǐng)求授權(quán)時(shí)執(zhí)行  /// </summary>  /// <param name="filterContext">上下文</param>  public override void OnAuthorization(AuthorizationContext filterContext)  {    // 獲取url請(qǐng)求里的 controller 和 action    string controllerName = filterContext.RouteData.Values["controller"].ToString();    string actionName = filterContext.RouteData.Values["action"].ToString();    // 獲取用戶信息    UserLoginBaseInfo _userLoginInfo = filterContext.HttpContext.Session[Property.UerLoginSession] as UserLoginBaseInfo;    //根據(jù)請(qǐng)求過(guò)來(lái)的controller和action去查詢可以被哪些角色操作: 這是查詢數(shù)據(jù)庫(kù) roleid使用 1,2,3,4格式    RoleWithControllerAction roleWithControllerAction =      SampleData.roleWithControllerAndAction.FirstOrDefault(r => r.ControllerName.ToLower() == controllerName.ToLower() && r.ActionName.ToLower() == actionName.ToLower() && r.RoleIds.contails("3"));    // 有值處理    if (roleWithControllerAction != null)    {      //有權(quán)限操作當(dāng)前控制器和Action的角色id      this.Roles = roleWithControllerAction.RoleIds;    }    else    {      //請(qǐng)求失敗輸出空結(jié)果      filterContext.Result = new EmptyResult();      //打出提示文字      HttpContext.Current.Response.Write("對(duì)不起,你沒(méi)有權(quán)限操作!");    }    base.OnAuthorization(filterContext);  }  /// <summary>  /// 自定義授權(quán)檢查（返回False則授權(quán)失敗）  /// </summary>  protected override bool AuthorizeCore(HttpContextBase httpContext)  {    //if (httpContext.User.Identity.IsAuthenticated)    //{    //  string userName = httpContext.User.Identity.Name;  //當(dāng)前登錄用戶的用戶名    //  User user = SampleData.users.Find(u => u.UserName == userName);  //當(dāng)前登錄用戶對(duì)象    //  if (user != null)    //  {    //    Role role = SampleData.roles.Find(r => r.Id == user.RoleId); //當(dāng)前登錄用戶的角色    //    foreach (string roleid in Roles.Split(','))    //    {    //      if (role.Id.ToString() == roleid)    //        return true;    //    }    //    return false;    //  }    //  else    //    return false;    //}    //else    //  return false;   //進(jìn)入HandleUnauthorizedRequest    return true;  }  /// <summary>  /// 處理授權(quán)失敗的HTTP請(qǐng)求  /// </summary>  protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)  {    if (string.IsNullOrWhiteSpace(AuthorizationFailView))      AuthorizationFailView = "error";    filterContext.Result = new ViewResult { ViewName = AuthorizationFailView };  }}