public class Verify : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
var user = filterContext.HttpContext.Session["CurrentUser"];
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
//判断是否Action判断是否跳过授权过滤器
{
return;
}
else if (filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
//判断是否Controller判断是否跳过授权过滤器
{
return;
}
else if (user == null || string.IsNullOrWhiteSpace(user.ToString()))
//判断用户是否登录
{
filterContext.Result = new RedirectResult("../Login/Login");
}
else
{
return;
}
}
}
全局授权验证
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new Verify());
}
}
控制器授权验证
[Verify]
public class LoginController : Controller
{
}
public class LoginController : Controller
{
方法授权验证
[Verify]
public ActionResult UserInfo(Models.UserInfo userInfo)
{
}
}
public class LoginController : Controller
{
/// <summary>
/// 登录
/// </summary>
/// <param name="userInfo"></param>
/// <returns></returns>
[HttpPost]
[AllowAnonymous]//方法忽略验证
public ActionResult Login(Models.UserInfo userInfo)
{
}
}