// Per-request access gate for this controller. It runs after the
// authorization filters have passed and before the action body.
// Assigning filterContext.Result short-circuits the action, so the request
// reaches the action only when both checks below succeed (default deny).
//
// NOTE(review): if the "Access" controller also inherits this override, its
// Login/NoAccess actions must be exempted, or an anonymous request will be
// redirected to Login indefinitely - confirm against the class hierarchy.
// NOTE(review): action filters do not run for responses served from the
// ASP.NET output cache; confirm that protected actions are not output-cached,
// or move this check into an authorization filter.
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // Anonymous caller: send to the login page and stop.
    if (!_Common.IsUserLoggedIn())
    {
        filterContext.Result = RedirectToAction("Login", "Access");
        return;
    }

    // The controller/action names are taken from the matched route, i.e. they
    // originate from the request URL.
    // NOTE(review): MVC matches these names case-insensitively, so
    // IsUserHasAccess presumably needs a case-insensitive lookup - verify.
    var routeValues = filterContext.RouteData.Values;
    string controllerName = routeValues["controller"].ToString();
    string actionName = routeValues["action"].ToString();

    // Authenticated, but not permitted to use this controller/action.
    if (!_Common.IsUserHasAccess(controllerName, actionName))
    {
        filterContext.Result = RedirectToAction("NoAccess", "Access");
        return;
    }

    // Access granted: continue with the normal pipeline.
    base.OnActionExecuting(filterContext);
}