Filter(筛选器)是以AOP(面向切面编程)的方式进行设计的。可用于权限验证、日志记录、异常处理等。主要有以下几种:
授权筛选器:AuthorizationFilter 接口(IAuthorizationFilter)
操作筛选器:ActionFilter 接口(IActionFilter)
结果筛选器 : ResultFilter 接口(IResultFilter)
异常筛选器 : ExceptionFilter 接口(IExceptionFilter)
执行顺序:AuthorizationFilter -> ActionFilter -> ResultFilter -> ExceptionFilter(异常筛选器仅在前面阶段抛出未处理异常时才会执行)
1、授权筛选器
可用于权限验证,示例代码如下
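/// <summary>
/// Custom user authorization filter. It derives the role required for the
/// current controller/action pair, then lets <c>AuthorizeCore</c> decide
/// whether the signed-in user may proceed.
/// </summary>
public class UserAuthorize : AuthorizeAttribute
{
    /// <summary>
    /// Name of the view rendered when authorization fails.
    /// When left unset, the framework's default unauthorized handling is used.
    /// </summary>
    public string AuthorizationFailView { get; set; }

    /// <summary>
    /// Runs when authorization is requested for an action.
    /// </summary>
    /// <param name="filterContext">Context of the request being authorized.</param>
    /// <exception cref="System.ArgumentNullException">
    /// <paramref name="filterContext"/> is null.
    /// </exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new System.ArgumentNullException("filterContext");
        }

        // Read the routed controller and action. Convert.ToString maps a missing
        // route value to "" so the lookup below simply finds no role (deny)
        // instead of failing with a NullReferenceException.
        string controllerName = System.Convert.ToString(filterContext.RouteData.Values["controller"]);
        string actionName = System.Convert.ToString(filterContext.RouteData.Values["action"]);

        // Look up which role may use this controller/action. In a real project
        // this mapping would come from a database query.
        // Fix: the second operand used to test controllerName again, so the
        // condition could never be true and no role was ever assigned.
        // Ordinal, case-insensitive comparison keeps this access-control check
        // independent of the server's culture (ToLower() is culture-sensitive).
        string roles = "";
        if (string.Equals(controllerName, "控制1", System.StringComparison.OrdinalIgnoreCase)
            && string.Equals(actionName, "动作1", System.StringComparison.OrdinalIgnoreCase))
        {
            roles = "1";
        }

        if (roles != "")
        {
            // Role id that is allowed to use the current controller and action.
            // NOTE(review): Roles is only written when a mapping is found, so an
            // earlier value stays in place otherwise. MVC may reuse a filter
            // attribute instance across requests; if so this is shared mutable
            // state and a stale role could apply to another request. Confirm,
            // and prefer resolving the required role inside AuthorizeCore.
            this.Roles = roles;
        }

        // The base implementation calls AuthorizeCore and, on failure,
        // HandleUnauthorizedRequest.
        base.OnAuthorization(filterContext);
    }

    /// <summary>
    /// Custom authorization check.
    /// </summary>
    /// <param name="httpContext">HTTP context of the current request.</param>
    /// <returns>
    /// <c>true</c> when the request is authorized; <c>false</c> otherwise, in
    /// which case <c>HandleUnauthorizedRequest</c> runs.
    /// </returns>
    /// <exception cref="System.ArgumentNullException">
    /// <paramref name="httpContext"/> is null.
    /// </exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new System.ArgumentNullException("httpContext");
        }

        // Deny by default: no principal, no identity, or an anonymous request.
        if (httpContext.User == null
            || httpContext.User.Identity == null
            || !httpContext.User.Identity.IsAuthenticated)
        {
            return false;
        }

        // User name of the signed-in user.
        string userName = httpContext.User.Identity.Name;
        if (string.IsNullOrEmpty(userName))
        {
            return false;
        }

        // Demo placeholder: every user is treated as having role "1".
        // NOTE(review): a real implementation must load the user's roles from a
        // trusted store rather than hard-coding them.
        string userRole = "1";

        // Only the administrator account may enter, and only when its role
        // matches the role required for this controller/action.
        return userName == "管理员" && userRole == Roles;
    }

    /// <summary>
    /// Handles an HTTP request that failed authorization.
    /// </summary>
    /// <param name="filterContext">Context of the request that was rejected.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A ViewResult with no view name falls back to the view named after the
        // current action, which here would be the protected action's own view.
        // Use the framework's default unauthorized result when no failure view
        // has been configured, so a missing setting cannot render that view.
        if (string.IsNullOrEmpty(AuthorizationFailView))
        {
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // NOTE(review): the failure view is returned without setting an
        // unauthorized/forbidden status code; confirm that is intended for
        // clients and monitoring that rely on the status code.
        filterContext.Result = new ViewResult { ViewName = AuthorizationFailView };
    }
}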
实现权限筛选器后,在控制器的 Action 上引用该特性
/// <summary>
/// Demo controller showing how the <c>UserAuthorize</c> filter is applied to an action.
/// </summary>
public class FilterDemoController : Controller
{
    /// <summary>
    /// Demo sign-in: always signs the caller in as the administrator account
    /// and redirects to the protected page.
    /// </summary>
    /// <remarks>
    /// NOTE(review): no credentials are checked here, so any request to this
    /// action receives an administrator auth cookie. This is acceptable only
    /// as a demo; a real login must verify credentials before issuing it.
    /// </remarks>
    public ActionResult Login()
    {
        const string demoUser = "管理员";

        // Persistent cookie. Per the original author's note its default
        // lifetime is 2880 minutes (presumably the forms authentication
        // timeout from configuration; confirm).
        const bool persistentCookie = true;

        FormsAuthentication.SetAuthCookie(demoUser, persistentCookie);

        ActionResult toProtectedPage = RedirectToAction("Index", "FilterDemo");
        return toProtectedPage;
    }

    /// <summary>
    /// Page guarded by the authorization filter; the "Err" view is shown when
    /// authorization fails.
    /// </summary>
    [UserAuthorize(AuthorizationFailView = "Err")]
    public ActionResult Index()
    {
        ActionResult page = View();
        return page;
    }
}
2、操作筛选器、结果筛选器
3、异常筛选器
可用于错误日志记录、展示错误页面等