一:定义票据中要记录的字段类
/// <summary>
/// 用户存在于浏览器端的身份票据(非持久)
/// 非持久 FormsAuthenticationTicket 的isPersistent为false只存于浏览器
/// 持久 True 也存于(win7中的位置为C:Users用户名AppDataRoamingMicrosoftWindowsCookies,注意Appdata是个隐藏的文件夹)
/// </summary>
public class UserTicket
{
/// <summary>
/// 用户Id(主键)
/// </summary>
public int UserId { get; set; }
/// <summary>
/// 用户账号
/// </summary>
public string UserAccount { get; set; }
/// <summary>
/// 用户姓名
/// </summary>
public string UserName { get; set; }
/// <summary>
/// 角色Id列表
/// </summary>
public List<int> RoleIds { get; set; }
}
二:用户登录控制器
public class LoginController : Controller
{
[HttpPost]
[AllowAnonymous]
public ActionResult Index(LoginModel model)
{
//....DTO
//获取用户账号,UserId,用户姓名和权限存入userdata里。
UserTicket userTicket = new UserTicket();
userTicket.UserId = entity.UserId;
userTicket.UserAccount = entity.UserAcount;
userTicket.UserName = entity.UserName;
List<int> roles = new List<int>() { 1, 2, 3 };
userTicket.RoleIds = roles;
string userdata = string.Empty;
if (entity != null)
{
userdata = JsonHelper.ToJSON(userTicket);
}
//保存身份票据
SetAuthenticationToken(entity.UserAcount, userdata);
}
//存票据
public void SetAuthenticationToken(string name, string userdata, bool createPersistentCookie = false)
{
FormsAuthentication.SetAuthCookie(name, true, FormsAuthentication.FormsCookiePath);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, name.ToString(), DateTime.Now, DateTime.Now.AddDays(1), true, userdata);
string encTicket = FormsAuthentication.Encrypt(authTicket);
this.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
}
}
三:在BaseController中解析票据并实现跳转路由
public class BaseController : Controller
{
/// <summary>
/// 用于检测用户是否登录,未登录的话跳转登录页面
/// </summary>
/// <param name="filterContext"></param>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
//这里判断出没有登录然后进行跳转
if (String.IsNullOrEmpty(LoginUserInfo().UserAccount)) //未登录
{
//未登陆返回登陆页
filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { controller = "Login", action = "Index" }));
}
}
/// <summary>
/// 取得登录用户信息
/// </summary>
/// <returns></returns>
protected UserTicket LoginUserInfo()
{
string name = System.Web.HttpContext.Current.User.Identity.Name;
UserTicket userTicket = new UserTicket();
if (!string.IsNullOrEmpty(name))
{
FormsIdentity id = (FormsIdentity)System.Web.HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
userTicket = JsonHelper.ParseJSON<UserTicket>(id.Ticket.UserData);
}
return userTicket;
}
}
最后一步就是在想要的验证登陆的控制器前继承BaseController就好了