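[Authorize]
public class HomeController : Controller
{
    /// <summary>
    /// Demo login action: issues a forms-authentication ticket for a fixed user name
    /// and renders the login view.
    /// </summary>
    /// <remarks>
    /// WARNING: this action verifies nothing. Any anonymous request to /home/login is
    /// handed a ticket for "admin". The hard-coded user name is a demo placeholder;
    /// a real implementation must check the submitted credentials against a user
    /// store before any of the cookie code below runs.
    /// </remarks>
    [AllowAnonymous]
    public ActionResult Login()
    {
        string userName = "admin";

        // TODO(review): validate the posted credentials here and return the view with
        // an error instead of issuing a ticket when they do not match.

        // 1.0 Let the framework build the cookie. isPersistent=false -> session cookie;
        // the framework also marks it HttpOnly.
        FormsAuthentication.SetAuthCookie(userName, false);

        // 2.0 Build the cookie by hand (kept for comparison with 1.0 — a real action
        // should use only ONE of the two, both add a cookie named FormsCookieName).
        // The ticket is encrypted and signed by FormsAuthentication.Encrypt, but it
        // travels with every request and is decryptable with the machine key, so the
        // user's password must never be stored in UserData; it is left empty here.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                            // ticket version
            userName,
            DateTime.Now,                 // issue time (the ticket API works in local time)
            DateTime.Now.AddMinutes(20),  // server-side expiration, enforced on decrypt
            false,                        // isPersistent
            string.Empty);                // userData: no secrets here
        string strTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, strTicket);
        // Keep the ticket out of reach of script, and off plain-HTTP requests when the
        // login itself happened over HTTPS.
        cookie.HttpOnly = true;
        cookie.Secure = Request.IsSecureConnection;
        // No Expires: the ticket is non-persistent, so the cookie stays a session cookie
        // (not written to disk). Setting Expires = ticket.Expiration would contradict
        // isPersistent=false; the 20-minute limit is still enforced by the ticket.
        Response.Cookies.Add(cookie);
        return View();
    }

    /// <summary>
    /// Clears the forms-authentication cookie and renders the sign-out view.
    /// </summary>
    /// <remarks>
    /// The current user's name and the ticket's UserData are reachable here via
    /// ((FormsIdentity)HttpContext.User.Identity).Ticket when the request is
    /// authenticated. NOTE(review): this is reachable by GET; consider [HttpPost] +
    /// [ValidateAntiForgeryToken] so a third-party page cannot log the user out.
    /// </remarks>
    public ActionResult SignOut()
    {
        FormsAuthentication.SignOut();
        return View();
    }
}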
AuthorizeAttribute 源码（ASP.NET MVC 框架内置实现，摘录自下面链接，供与自定义实现对照参考）
http://www.cnblogs.com/icyJ/p/MVC_Authorize.html
/// <summary>
/// Authorization filter entry point of ASP.NET MVC's built-in AuthorizeAttribute
/// (quoted here for reference). Skips the check for [AllowAnonymous] targets,
/// otherwise delegates the decision to AuthorizeCore and, on success, adjusts the
/// response cache policy so the authorized response is not blindly replayed.
/// </summary>
/// <param name="filterContext">The current authorization context; must not be null.</param>
/// <exception cref="ArgumentNullException">filterContext is null.</exception>
/// <exception cref="InvalidOperationException">The filter runs inside a child action whose output is being cached.</exception>
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }
    // Refuse to run inside an output-cached child action: the authorization
    // outcome would otherwise be frozen into the cached fragment.
    if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
    {
        throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
    }
    // [AllowAnonymous] on the action or on its controller (inherit: true, so
    // base-class declarations count) bypasses authorization entirely.
    bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
    if (skipAuthorization)
    {
        return;
    }
    if (AuthorizeCore(filterContext.HttpContext))
    {
        // Authorized: forbid proxy caching and attach a validation callback so an
        // output-cached copy of this response is re-validated on later requests
        // (CacheValidateHandler is not shown here; presumably it re-runs AuthorizeCore).
        HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
        cachePolicy.SetProxyMaxAge(new TimeSpan(0));
        cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
    }
    else
    {
        // Not authorized: by default a 401 that forms authentication turns into
        // a redirect to the configured login URL.
        HandleUnauthorizedRequest(filterContext);
    }
}
自己实现授权过滤器（继承 AuthorizeAttribute；注意下面的实现目前只检查是否登录，按区域/控制器/动作的权限检查仍处于注释状态，尚未生效）
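/// <summary>
/// Authorization filter that redirects users who are not logged in to /home/login.
/// Actions or controllers marked with <c>SkipAttribute</c> (typically login/logout)
/// bypass the check.
/// </summary>
/// <remarks>
/// NOTE(review): only the login check is active. The per-route permission check
/// (area/controller/action) is still a TODO in OnAuthorization, so every logged-in
/// user can reach every action this attribute guards. The base AuthorizeAttribute
/// logic (Roles/Users, [AllowAnonymous], cache validation callback) is deliberately
/// not invoked, so those settings have no effect on this attribute.
/// </remarks>
public class ActionValidateAttribute : System.Web.Mvc.AuthorizeAttribute
{
    #region Login / permission check
    /// <summary>
    /// Checks the login state (and, once enabled, the permissions) for the requested route.
    /// </summary>
    /// <param name="filterContext">The current authorization context; must not be null.</param>
    /// <exception cref="ArgumentNullException">filterContext is null.</exception>
    /// <exception cref="InvalidOperationException">The filter is applied inside an output-cached child action.</exception>
    public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        // Same guard as the framework's AuthorizeAttribute: the authorization
        // outcome must never be captured inside an output-cached child action.
        if (System.Web.Mvc.OutputCacheAttribute.IsChildActionCacheActive(filterContext))
        {
            throw new InvalidOperationException("ActionValidateAttribute cannot be used within a child action cache.");
        }

        // 1.0 Route identity (area / controller / action). Lower-cased with the
        // invariant culture so the keys do not depend on the server's UI culture.
        // Every area is validated at the moment; a list of areas to check could be
        // introduced here if the application is ever split into areas.
        string strArea = filterContext.RouteData.DataTokens.Keys.Contains("area")
            ? filterContext.RouteData.DataTokens["area"].ToString().ToLowerInvariant()
            : null;
        string strController = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLowerInvariant();
        string strAction = filterContext.ActionDescriptor.ActionName.ToLowerInvariant();

        // 2.0 [Skip] on the action or its controller bypasses the check (login/logout).
        if (DoesSkip<MyAuthentication.Attributes.SkipAttribute>(filterContext))
        {
            return;
        }

        // 3.0 Not logged in -> redirect to the login page.
        if (!OperateContext.Current.IsLogin())
        {
            filterContext.Result = OperateContext.Current.Redirect("/home/login", filterContext.ActionDescriptor);
            return;
        }

        // 4.0 TODO(review): the permission check is not enabled yet. When it is, the
        // route identity computed above is its input:
        //   if (!OperateContext.Current.HasPermission(strArea, strController, strAction))
        //   {
        //       filterContext.Result = OperateContext.Current.Redirect("/home/login", filterContext.ActionDescriptor);
        //   }

        // Logged in: mirror the base class and keep intermediate proxies from caching
        // this per-user response. Server-side output caching is not re-validated here,
        // so [OutputCache] should not be combined with this attribute without care.
        filterContext.HttpContext.Response.Cache.SetProxyMaxAge(TimeSpan.Zero);
    }
    #endregion

    #region DoesSkip<T>
    /// <summary>
    /// Returns true when attribute <typeparamref name="T"/> is declared on the current
    /// action or on its controller.
    /// </summary>
    /// <typeparam name="T">The marker attribute type to look for.</typeparam>
    /// <param name="filterContext">The current authorization context.</param>
    /// <returns>true if the attribute is present on the action or the controller; otherwise false.</returns>
    protected bool DoesSkip<T>(System.Web.Mvc.AuthorizationContext filterContext) where T : Attribute
    {
        // inherit: false — unlike the framework's [AllowAnonymous] lookup (inherit: true),
        // a marker declared on a base controller or an overridden base action is NOT
        // honored here. Kept as in the original; switch to true if base-class markers
        // should apply.
        return filterContext.ActionDescriptor.IsDefined(typeof(T), false)
            || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(T), false);
    }
    #endregion
}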
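/// <summary>
/// Marker attribute: an action or controller carrying it is excluded from the
/// login check performed by <c>ActionValidateAttribute</c> (intended for the
/// login and logout actions only).
/// </summary>
/// <remarks>
/// Restricted to classes and methods because the filter inspects only the action
/// and its controller; on any other target the attribute would silently do nothing.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class SkipAttribute : Attribute
{
}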