using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; namespace CommonHelper { [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)] public class AuthorizationAttribute { private String _AuthUrl = String.Empty; /// <summary> /// 获取或者设置一个值,改值表示登录地址 /// 如果web.config中未定义AuthUrl的值,则默认为login /// </summary> public String AuthUrl { get { return _AuthUrl; } set { if (String.IsNullOrEmpty(value)) throw new ArgumentNullException("用于验证用户登录信息的登录地址不能为空"); else _AuthUrl = value.Trim(); } } private String _AuthSaveKey = String.Empty; /// <summary> /// 获取或者设置一个值,改值表示登录用来保存登录信息的键名 /// 如果web.config中未定义AuthSaveKey的值,则默认为LoginedUser /// </summary> public String AuthSaveKey { get { return _AuthSaveKey; } set { if (String.IsNullOrEmpty(value)) throw new ArgumentNullException("用于保存登录信息的键名不能为空"); else this._AuthSaveKey = value.Trim(); } } private String _AuthSaveType = String.Empty; /// <summary> /// 获取或者设置一个值,该值表示用来保存登录信息的方式 /// </summary> public String AuthSaveType { get { return _AuthSaveType; } set { if (String.IsNullOrEmpty(value)) throw new ArgumentNullException("用于保存登录信息的方式不能为空,只能为【cookie】或者【session】"); else this._AuthSaveType = value.Trim(); } } /// <summary> /// 默认构造函数 /// </summary> public AuthorizationAttribute() { String authUrl=System.Configuration.ConfigurationManager.AppSettings["AuthUrl"]; String saveKey = System.Configuration.ConfigurationManager.AppSettings["AuthSaveKey"]; String saceType = System.Configuration.ConfigurationManager.AppSettings["AuthSaveType"]; if (String.IsNullOrEmpty(authUrl)) this._AuthUrl = "/User/Login"; else this._AuthUrl = authUrl; if (String.IsNullOrEmpty(saveKey)) this._AuthSaveKey = "LoginedUser"; else this._AuthSaveKey = saveKey; if (String.IsNullOrEmpty(saceType)) this._AuthSaveType = "Session"; else this._AuthSaveType = saceType; } /// <summary> /// 构造函数重载 /// </summary> /// <param name="authUrl">表示没有登录跳转的登录地址</param> public AuthorizationAttribute(String authUrl) : this() { this._AuthUrl = authUrl; } /// <summary> /// 构造函数重载 /// </summary> /// <param name="authUrl">表示没有登录跳转的登录地址</param> /// <param name="saveKey">表示登录用来保存登录信息的键名</param> public AuthorizationAttribute(String authUrl, String saveKey) : this(authUrl) { this._AuthSaveKey = saveKey; this._AuthSaveType = "Session"; } /// <summary> /// 构造函数重载 /// </summary> /// <param name="authUrl">表示没有登录跳转的登录地址</param> /// <param name="saveKey">表示登录用来保存登录信息的键名</param> /// <param name="saveType">表示登录用来保存登录信息的方式</param> public AuthorizationAttribute(String authUrl, String saveKey, String saveType) : this(authUrl, saveKey) { this._AuthSaveType = saveType; } /// <summary> /// 处理用户登录 /// </summary> /// <param name="fileterContext"></param> public void OnAuthorization(AuthorizationContext fileterContext) { if (fileterContext.HttpContext == null) throw new Exception("次特性只适合于Web应用程序使用!"); else { switch (AuthSaveType) { case "Session": if (fileterContext.HttpContext.Session == null) throw new Exception("服务器Session不可用!"); else if (!fileterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) && !fileterContext.ActionDescription.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)) { if (fileterContext.HttpContext.Session[_AuthSaveKey] == null) fileterContext.Result = new RedirectResult(_AuthUrl); } break; case "Cookie": if (!fileterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) && !fileterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)) { if (fileterContext.HttpContext.Request.Cookies[_AuthSaveKey] == null) fileterContext.Result = new RedirectResult(_AuthUrl); } break; default: throw new ArgumentNullException("用于保存登录信息的方式不能为空,只能为【Cookie】或者【Session】"); } } } } }