mvc4 利用特性类过滤,实现自己的权限验证 参考Authorize与AllowAnonymous原理
1.新建一个特性过滤类AdminLogin，继承ActionFilterAttribute，并重写OnActionExecuting（该方法在执行action前被调用）。再新建一个标记用的特性类AdminAuthorize，继承FilterAttribute。
代码:Filters/AdminLogin.cs
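using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Web.Profile;
using System.Web.Routing;
using System.Web.Security;

namespace MvcApp.Filters
{
    /// <summary>
    /// Global action filter that enforces <see cref="AdminAuthorize"/>.
    /// Before an action runs it looks for the attribute on the action descriptor; when present,
    /// the Forms Authentication cookie must decrypt to a valid, unexpired ticket whose UserData
    /// equals the required <see cref="AdminAuthorize.Role"/>. Otherwise the request is redirected
    /// to <see cref="FormsAuthentication.LoginUrl"/> and the action is not executed.
    /// Only action-level attributes are inspected; an attribute placed on the controller is ignored.
    /// </summary>
    public class AdminLogin : ActionFilterAttribute
    {
        /// <summary>
        /// Runs before the action. Sets <see cref="ControllerContext.Result"/> to a redirect when
        /// the caller is not authorized, which short-circuits the pipeline.
        /// </summary>
        /// <param name="filterContext">The action execution context supplied by MVC.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Actions without the marker attribute are open; nothing to check.
            var attributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AdminAuthorize), inherit: false);
            if (attributes.Length == 0)
            {
                return;
            }

            var required = attributes[0] as AdminAuthorize;
            var request = filterContext.HttpContext.Request;
            var ticket = TryGetTicket(request.Cookies[FormsAuthentication.FormsCookieName]);

            // Role comparison is ordinal string equality; Role defaults to "" on the attribute.
            if (required != null && ticket != null && ticket.UserData == required.Role)
            {
                return; // verified: let the action execute
            }

            // Assigning Result (rather than Response.Redirect) stops the action from running.
            string returnUrl = request.Url.PathAndQuery;
            var url = FormsAuthentication.LoginUrl + "?returnUrl=" + HttpUtility.UrlEncode(returnUrl);
            filterContext.Result = new RedirectResult(url);
        }

        /// <summary>
        /// Decrypts the Forms Authentication cookie into a ticket.
        /// </summary>
        /// <param name="cookie">The auth cookie from the request, or null when absent.</param>
        /// <returns>
        /// The ticket, or null when the cookie is missing, cannot be decrypted or validated
        /// (malformed, tampered, or issued under a different machine key), or has expired.
        /// </returns>
        private static FormsAuthenticationTicket TryGetTicket(HttpCookie cookie)
        {
            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return null;
            }

            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(cookie.Value);
            }
            catch (ArgumentException)
            {
                // Malformed cookie value: treat as unauthenticated instead of surfacing a 500.
                return null;
            }
            catch (HttpException)
            {
                // Validation failure on the legacy crypto path.
                return null;
            }
            catch (CryptographicException)
            {
                // Validation failure on the MachineKey crypto path.
                return null;
            }

            // Decrypt does not enforce expiry itself; an expired ticket must not grant access.
            if (ticket == null || ticket.Expired)
            {
                return null;
            }

            return ticket;
        }
    }

    /// <summary>
    /// Marker attribute read by <see cref="AdminLogin"/>. Place it on an action to require a
    /// Forms Authentication ticket whose UserData equals <see cref="Role"/>.
    /// Role defaults to "", so an attribute with no Role set only matches a ticket with empty UserData.
    /// </summary>
    public class AdminAuthorize : FilterAttribute
    {
        /// <summary>Role string the ticket's UserData must equal.</summary>
        public string Role { get; set; }

        public AdminAuthorize()
        {
            Role = "";
        }
    }
}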
2.在App_Start/FilterConfig.cs中注册这个filter类。添加代码:
// Register the admin login check globally so every action is inspected for [AdminAuthorize].
var adminLoginFilter = new Filters.AdminLogin();
filters.Add(adminLoginFilter);
3.在action前添加特性[AdminAuthorize(Role = "Admin")]
4.配置web.config
<authentication mode="Forms">
<forms name=".AuthAdmin" loginUrl="~/Admin/Login" timeout="30" protection="All" path="/Admin" defaultUrl="/Admin/Main" />
</authentication>
5.在登录action（Login）中签发票据ticket并写入Cookie
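// Issue a Forms Authentication ticket for the authenticated admin and attach it to the response.
// UserData ("Admin") is the value AdminLogin compares against AdminAuthorize.Role.
FormsAuthenticationTicket MyTicket = new FormsAuthenticationTicket
(
    1,                                      // version
    admin.UserName + "," + admin.NickName,  // name
    DateTime.Now,                           // issue date
    DateTime.Now.AddMinutes(300),           // expiration
    true,                                   // persistent
    "Admin",                                // user data, used as the role
    FormsAuthentication.FormsCookiePath
);
// NOTE(review): the ticket carries its own 300-minute expiry; the forms timeout="30" in web.config
// governs framework-issued tickets, not this hand-built one — confirm the intended lifetime.

string myHash = FormsAuthentication.Encrypt(MyTicket);
HttpCookie myCookie = new HttpCookie(FormsAuthentication.FormsCookieName, myHash);
// Harden the cookie: not readable by script, scoped to the configured cookie path,
// sent over HTTPS only when requireSSL is configured, and given an expiry to match
// the persistent flag on the ticket (otherwise it would be a session cookie).
myCookie.HttpOnly = true;
myCookie.Path = FormsAuthentication.FormsCookiePath;
myCookie.Secure = FormsAuthentication.RequireSSL;
if (MyTicket.IsPersistent)
{
    myCookie.Expires = MyTicket.Expiration;
}
Response.Cookies.Add(myCookie);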