【4】 .net MVC使用Session验证用户登录
用最简单的Session方式记录用户登录状态
1.添加DefaultController控制器,重写OnActionExecuting方法,每次访问控制器前触发
public class DefaultController : Controller { protected override void OnActionExecuting(ActionExecutingContext filterContext) { base.OnActionExecuting(filterContext); var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName; var userName = Session["UserName"] as String; if (String.IsNullOrEmpty(userName)) { //重定向至登录页面 filterContext.Result = RedirectToAction("Index", "Login", new { url = Request.RawUrl}); return; } } }
2.登录控制器
public class LoginController : Controller { // GET: Login public ActionResult Index(string ReturnUrl) { if (Session["UserName"] != null) { return RedirectToAction("Index", "Home"); } ViewBag.Url = ReturnUrl; return View(); } [HttpPost] public ActionResult Index(string name, string password, string returnUrl) { /* 添加验证用户名密码代码 */ Session["UserName"] = name; if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } } // POST: /Account/LogOff [HttpPost] public ActionResult LogOff() { Session["UserName"] = null; return RedirectToAction("Index", "Home"); } }
3.需要验证的控制器继承DefaultController
public class HomeController : DefaultController { public ActionResult Index() { return View(); } }
这种方式适合比较小的项目
优点:简单,易开发
缺点:无法记录登录状态,而且Session方式容易丢失