Web用户的身份验证及WebApi权限验证流程的设计和实现(续)

4.4 权限属性RequireAuthorizationAttribute

[csharp] view plaincopy
 
  1. "font-size:14px;">///
  2. /// 权限验证属性类
  3. ///
  4. public class RequireAuthorizeAttribute : AuthorizeAttribute
  5. {
  6. ///
  7. /// 用户权限列表
  8. ///
  9. public UserAuthModel[] UserAuthList
  10. {
  11. get
  12. {
  13. return AuthorizedUser.Current.UserAuthList;
  14. }
  15. }
  16. ///
  17. /// 登录用户票据
  18. ///
  19. public string UserLoginTicket
  20. {
  21. get
  22. {
  23. return AuthorizedUser.Current.UserLoginTicket;
  24. }
  25. }
  26. public override void OnAuthorization(AuthorizationContext filterContext)
  27. {
  28. base.OnAuthorization(filterContext);
  29. ////验证是否是登录用户
  30. var identity = filterContext.HttpContext.User.Identity;
  31. if (identity.IsAuthenticated)
  32. {
  33. var actionName = filterContext.ActionDescriptor.ActionName;
  34. var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
  35. //验证用户操作是否在权限列表中
  36. if (HasActionQulification(actionName, controllerName, identity.Name))
  37. if (!string.IsNullOrEmpty(UserLoginTicket))
  38. //有效登录用户,有权限访问此Action,则写入Cookie信息
  39. filterContext.HttpContext.Response.Cookies[FormsAuthentication.FormsCookieName].Value = UserLoginTicket;
  40. else
  41. //用户的Session, Cookie都过期,需要重新登录
  42. filterContext.HttpContext.Response.Redirect("~/Account/Login", false);
  43. else
  44. //虽然是登录用户,但没有该Action的权限,跳转到“未授权访问”页面
  45. filterContext.HttpContext.Response.Redirect("~/Home/UnAuthorized", true);
  46. }
  47. else
  48. {
  49. //未登录用户,则判断是否是匿名访问
  50. var attr = filterContext.ActionDescriptor.GetCustomAttributes(true).OfType();
  51. bool isAnonymous = attr.Any(a => a is AllowAnonymousAttribute);
  52. if (!isAnonymous)
  53. //未验证(登录)的用户, 而且是非匿名访问,则转向登录页面
  54. filterContext.HttpContext.Response.Redirect("~/Account/Login", true);
  55. }
  56. }
  57. ///
  58. /// 从权限列表验证用户是否有权访问Action
  59. ///
  60. ///
  61. ///
  62. ///
  63. private bool HasActionQulification(string actionName, string controllerName, stringuserName)
  64. {
  65. //从该用户的权限数据列表中查找是否有当前Controller和Action的item
  66. var auth = UserAuthList.FirstOrDefault(a =>
  67. {
  68. bool rightAction = false;
  69. bool rightController = a.Controller == controllerName;
  70. if (rightController)
  71. {
  72. string[] actions = a.Actions.Split(',');
  73. rightAction = actions.Contains(actionName);
  74. }
  75. return rightAction;
  76. });
  77. //此处可以校验用户的其它权限条件
  78. //var notAllowed = HasOtherLimition(userName);
  79. //var result = (auth != null) && notAllowed;
  80. //return result;
  81. return (auth != null);
  82. }
  83. }

 

4.5 业务Controller示例

[csharp] view plaincopy
 
    1. "font-size:14px;">public class ProductController : WebControllerBase
    2. {
    3. [AllowAnonymous]
    4. public ActionResult Query()
    5. {
    6. return View("ProductQuery");
    7. }
    8. [HttpGet]
    9. //[AllowAnonymous]
    10. [RequireAuthorize]
    11. public ActionResult Detail(string id)
    12. {
    13. var cookie = HttpContext.Request.Cookies;
    14. string url = base.ApiUrl + "/Get/" + id;
    15. HttpClient httpClient = HttpClientHelper.Create(url, base.UserLoginTicket);
    16. string result = httpClient.GetString();
    17. var model = JsonSerializer.DeserializeFromString(result);
    18. ViewData["PRODUCT_ADD_OR_EDIT"] = "E";
    19. return View("ProductForm", model);
    20. }
    21. }
posted @ 2015-11-27 20:44  星火卓越  阅读(1311)  评论(0编辑  收藏  举报