基本方法是重写AuthorizeAttribute类的AuthorizeCore方法

protected override bool AuthorizeCore(HttpContextBase httpContext)

{

string currentRole = GetRole(httpContext.User.Identity.Name);

if (Roles.Contains(currentRole))

return true;

return base.AuthorizeCore(httpContext);

}

private string GetRole(string name)

{

Model1 db = new Model1();

student newstudent = db.Students.First(m => m.name == name);

return newstudent.name;

}

在登录的时候需要写入name信息

FormsAuthentication.SetAuthCookie(stu.name, false);

最后在需要控制的action前加上

[MyAuthAttribute2(Roles = "****")]