web.config配置

<authentication mode="Forms">
      <forms loginUrl="~/Login/Index" timeout="30" slidingExpiration="true"></forms>
</authentication>
  • 1
  • 2
  • 3

增加一个Attribute类,继承自AuthorizeAttribute

public class CustomAuthorzieAttribute : AuthorizeAttribute
    {
        private string _controllerName = string.Empty;
        private string _actionName = string.Empty;

        /// <summary>
        /// base.OnAuthorization(filterContext)中会调用AuthorizeCore函数
        /// 
        /// 当AuthorizeCore返回false,则会继续调用HandleUnauthorizedRequest进行处理
        /// 
        /// 所以OnAuthorization是该类的总入口
        /// 
        /// </summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            _controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            _actionName = filterContext.ActionDescriptor.ActionName;

            base.OnAuthorization(filterContext);
        }

        /// <summary>
        /// base.OnAuthorization来调用
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (_controllerName.ToLower() == "login")
            {//登陆界面,不用身份认证,直接返回true
                return true;
            }

            if (!httpContext.User.Identity.IsAuthenticated)
            {
                return false;
            }

            return true;
        }

        /// <summary>
        /// 当AuthorizeCore返回false时候调用
        /// </summary>
        /// <param name="filterContext"></param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51

主要是去除登陆页面的验证判断

在App_Start文件夹中的FilterConfig中增加

public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new HandleErrorAttribute());
            filters.Add(new PermManagerWeb.Controllers.CustomAuthorzieAttribute());
        }
    }
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8

登陆页面处理:

[HttpPost]
        public ActionResult DoLogin(LoginInfoViewModel loginInfo)
        {
            if (ModelState.IsValid)
            {//输入验证成功
                bool bLoginOK = Login.LoginSys(GetDataAccess(), loginInfo.UserName, loginInfo.UserPassword);
                if (bLoginOK)
                {//登陆成功
                    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                        1,
                        loginInfo.UserName,
                        DateTime.Now,
                        DateTime.Now.AddMinutes(30),
                        false,
                        Request.UserHostAddress,
                        FormsAuthentication.FormsCookiePath);
                    string strCookie = FormsAuthentication.Encrypt(authTicket);
                    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, strCookie);
                    Response.Cookies.Add(authCookie);

                    return RedirectToAction("../Main");  
                }
                else
                {//登陆失败
                    return View("Index");
                }                              
            }
            else
            {//输入验证失败
                return View("Index");
            }
        }