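/// <summary>
/// MVC authorization filter that lets requests to the login controller through and
/// short-circuits every other request, with a JSON error for AJAX callers or a
/// redirect to the login page otherwise.
/// </summary>
/// <remarks>
/// NOTE(review): the "token" cookie is read but never validated in this listing, so
/// as written every non-login request is rejected. The validation step is left to
/// the implementer.
/// </remarks>
public class AuthorizationFilter : IAuthorizationFilter
{
    /// <summary>
    /// Decides whether the current request may proceed to the action.
    /// </summary>
    /// <param name="context">
    /// Filter context for the request; setting <c>context.Result</c> stops the pipeline.
    /// </param>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // The "as" cast yields null when the descriptor is not a controller action.
        // Use a null-conditional so such requests are treated as "not the login
        // controller" and denied, instead of failing with a NullReferenceException.
        var actionDescriptor = context.ActionDescriptor as Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor;
        var controller = actionDescriptor?.ControllerName;

        // The login controller needs no permission check. The exemption is by
        // controller name only, so every action on a controller named "login" is
        // reachable without a token.
        if ("login".Equals(controller, StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        // If the token is non-empty and valid, no further check is needed; that
        // validation code is left for the implementer to write here.
        // NOTE(review): validation should be checked on the server (integrity and
        // expiry of the token), not merely that the cookie is present.
        var token = context.HttpContext.Request.Cookies["token"];

        // The header is client-supplied; it only selects the response shape and is
        // not used for the allow/deny decision.
        var isAjaxRequest = context.HttpContext.Request.Headers.ContainsKey("x-requested-with");
        if (isAjaxRequest)
        {
            // NOTE(review): 401 is carried only in the JSON body; no StatusCode is set
            // on the JsonResult, so the HTTP status itself is presumably still 200.
            // Confirm that clients and monitoring key off the body code.
            var response = new Response { Code = 401, Message = "没有登录或登录超时" };
            context.Result = new JsonResult(response);
        }
        else
        {
            context.Result = new RedirectToActionResult("login", "login", null);
        }
    }
}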
// Register both filters in the global MVC filter collection so they apply to every
// MVC action. Registration order is kept: exception filter, then authorization filter.
services.AddMvc(options =>
{
    var globalFilters = options.Filters;
    globalFilters.Add(typeof(ExceptionFilter));
    globalFilters.Add(typeof(AuthorizationFilter));
});
代码很简单,也可以使用中间件来做,但使用 Filter(过滤器)似乎更方便。需要注意:Filter 只作用于 MVC 的 controller/action,静态文件等不经过 MVC 的请求不受它保护;如果这些资源也需要鉴权,应改用中间件。