MVC Form认证、权限

//一、首先是登录:

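/// <summary>
/// Forms-authentication account controller: renders the login form, issues the
/// encrypted ticket cookie on a successful login, and signs the user out.
/// </summary>
public class AccountController : BaseController
{
    /// <summary>
    /// Shows the login form. A request that is already authenticated is sent
    /// straight to the configured default URL.
    /// </summary>
    public ActionResult Login()
    {
        if (HttpContext.Request.IsAuthenticated)
        {
            return Redirect(FormsAuthentication.DefaultUrl);
        }
        return View();
    }

    /// <summary>
    /// Checks the submitted credentials and, when they match, stores the user
    /// object in a forms-authentication ticket and sends it as the auth cookie.
    /// </summary>
    /// <param name="userName">Login name posted by the form.</param>
    /// <param name="userPassword">Password posted by the form.</param>
    /// <param name="isRemember">Non-null when "remember me" was submitted; any value counts.</param>
    /// <returns>
    /// A redirect to the local return URL (or Home/Index) on success; the login
    /// view with an error tip on failure.
    /// </returns>
    [HttpPost]
    public ActionResult Login(string userName, string userPassword, string isRemember)
    {
        // NOTE(review): sample-only check. A fixed account with a literal password in source
        // must be replaced by a lookup against a salted, slow password hash before real use.
        // NOTE(review): this POST has no [ValidateAntiForgeryToken]; adding it needs the view
        // (not shown here) to emit the token, so it is flagged rather than changed.
        if (userName != "admin" || userPassword != "111")
        {
            ViewData["Tip"] = "用户名或密码有误!";
            return View();
        }

        // NOTE(review): MD5Helper is defined elsewhere; if it is a plain MD5 digest, hashing an
        // IP address gives no confidentiality (the input space is small enough to enumerate).
        Person p = new Person() { Name = userName, Roles = "admin", Age = 23, Email = "xx@qq.com", Ip = MD5Helper.MD5Encrypt(Request.UserHostAddress) };
        bool remember = isRemember != null;

        // Take one timestamp so the ticket's issue and expiry times and the cookie lifetime agree.
        DateTime issuedAt = DateTime.Now;
        DateTime expiresAt = issuedAt.Add(FormsAuthentication.Timeout);

        // The serialized user object travels in the ticket's userData field.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, issuedAt, expiresAt, remember, p.ObjToJson());
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
        {
            // The auth cookie must not be readable from script, and must follow the
            // configured SSL requirement and path so that SignOut() clears the same cookie.
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        if (FormsAuthentication.CookieDomain != null)
        {
            userCookie.Domain = FormsAuthentication.CookieDomain;
        }
        if (remember)
        {
            // Persistent cookie only when requested; otherwise it stays a session cookie.
            userCookie.Expires = expiresAt;
        }
        Response.Cookies.Add(userCookie);

        // ReturnUrl is caller-controlled (Request[...] reads query string, form, cookies and
        // server variables). Only follow it when the decoded value is a local URL; anything
        // else falls back to the home page, so the login cannot be used as an open redirect.
        string returnUrl = HttpUtility.UrlDecode(Request["ReturnUrl"]);
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Home");
    }

    /// <summary>
    /// Ends the session, removes the forms-authentication ticket and returns to the login page.
    /// </summary>
    public ActionResult Logout()
    {
        // NOTE(review): reachable by GET, so a third-party page can force a sign-out;
        // restricting it to POST needs a matching change in the views that link here.
        Session.Abandon();
        FormsAuthentication.SignOut();
        return RedirectToAction("Login", "Account");
    }
}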

//二、权限验证 
 /// <summary>
 /// Authorization filter that admits a request when <c>UserInfo.UserID</c> is non-empty.
 /// </summary>
 /// <remarks>
 /// AuthorizeCore is replaced without calling the base implementation, so the Users and
 /// Roles values of <see cref="AuthorizeAttribute"/> are not consulted by this filter.
 /// NOTE(review): UserInfo is defined elsewhere; confirm it resolves the user of the
 /// current request rather than shared state.
 /// </remarks>
 public class AuthAttribute : AuthorizeAttribute
    {

        /// <summary>
        /// Core check: authorized when a user id is present.
        /// </summary>
        /// <param name="httpContext">Current HTTP context (not read by this check).</param>
        /// <returns><c>true</c> when <c>UserInfo.UserID</c> is neither null nor empty.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return !string.IsNullOrEmpty(UserInfo.UserID);
        }

        /// <summary>
        /// Builds the response for a request that failed the check.
        /// </summary>
        /// <param name="filterContext">Authorization context whose Result is set here.</param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.Request.IsAjaxRequest())
            {
                // Ordinary page request: hand back the project's PageReturn result with the
                // login action's URL (helpers are defined elsewhere in the project).
                UrlHelper urlHelper = new UrlHelper(filterContext.RequestContext);
                filterContext.Result = new BaseController().PageReturn("请先登录!", PubLib.PublicVars.GetNewURL(urlHelper.Action("Login", "StuEnroll")));
                return;
            }

            // AJAX request: the 401 is carried in the JSON payload only; this method does not
            // set the HTTP status code, so clients have to inspect the Status field.
            filterContext.Result = new JsonResult
            {
                Data = new { Status = 401, Message = "权限不足,服务器已拒绝您的操作!" },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
    }

 
