MVC授权

public class CommonController : Controller
{
 
    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        var actionName = filterContext.ActionDescriptor.ActionName;
        if (this.GetUserAuthorize(this.HttpContext.User.Identity.Name, controllerName, actionName))
        {
            base.OnAuthorization(filterContext);
        }
        else
        {
            const string ViewName = "~/Views/Account/Login.cshtml";
            var vr = new ViewResult { ViewName = ViewName };
            filterContext.Result = vr;
        }
    }
 
    private bool GetUserAuthorize(string userId,string controllerName,string actionName)
    {
        if (string.IsNullOrEmpty(userId))
        {
            return false;
        }
 
        //访问数据库中相关的用户、角色、功能权限等表看是否具有访问此action的权限
          //有返回true,否则false
 
        return true;
    }