Web用户的身份验证及WebApi权限验证流程的设计和实现(续)
4.4 权限属性RequireAuthorizationAttribute
- "font-size:14px;">///
- /// 权限验证属性类
- ///
- public class RequireAuthorizeAttribute : AuthorizeAttribute
- {
- ///
- /// 用户权限列表
- ///
- public UserAuthModel[] UserAuthList
- {
- get
- {
- return AuthorizedUser.Current.UserAuthList;
- }
- }
- ///
- /// 登录用户票据
- ///
- public string UserLoginTicket
- {
- get
- {
- return AuthorizedUser.Current.UserLoginTicket;
- }
- }
- public override void OnAuthorization(AuthorizationContext filterContext)
- {
- base.OnAuthorization(filterContext);
- ////验证是否是登录用户
- var identity = filterContext.HttpContext.User.Identity;
- if (identity.IsAuthenticated)
- {
- var actionName = filterContext.ActionDescriptor.ActionName;
- var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
- //验证用户操作是否在权限列表中
- if (HasActionQulification(actionName, controllerName, identity.Name))
- if (!string.IsNullOrEmpty(UserLoginTicket))
- //有效登录用户,有权限访问此Action,则写入Cookie信息
- filterContext.HttpContext.Response.Cookies[FormsAuthentication.FormsCookieName].Value = UserLoginTicket;
- else
- //用户的Session, Cookie都过期,需要重新登录
- filterContext.HttpContext.Response.Redirect("~/Account/Login", false);
- else
- //虽然是登录用户,但没有该Action的权限,跳转到“未授权访问”页面
- filterContext.HttpContext.Response.Redirect("~/Home/UnAuthorized", true);
- }
- else
- {
- //未登录用户,则判断是否是匿名访问
- var attr = filterContext.ActionDescriptor.GetCustomAttributes(true).OfType();
- bool isAnonymous = attr.Any(a => a is AllowAnonymousAttribute);
- if (!isAnonymous)
- //未验证(登录)的用户, 而且是非匿名访问,则转向登录页面
- filterContext.HttpContext.Response.Redirect("~/Account/Login", true);
- }
- }
- ///
- /// 从权限列表验证用户是否有权访问Action
- ///
- ///
- ///
- ///
- private bool HasActionQulification(string actionName, string controllerName, stringuserName)
- {
- //从该用户的权限数据列表中查找是否有当前Controller和Action的item
- var auth = UserAuthList.FirstOrDefault(a =>
- {
- bool rightAction = false;
- bool rightController = a.Controller == controllerName;
- if (rightController)
- {
- string[] actions = a.Actions.Split(',');
- rightAction = actions.Contains(actionName);
- }
- return rightAction;
- });
- //此处可以校验用户的其它权限条件
- //var notAllowed = HasOtherLimition(userName);
- //var result = (auth != null) && notAllowed;
- //return result;
- return (auth != null);
- }
- }
4.5 业务Controller示例
- "font-size:14px;">public class ProductController : WebControllerBase
- {
- [AllowAnonymous]
- public ActionResult Query()
- {
- return View("ProductQuery");
- }
- [HttpGet]
- //[AllowAnonymous]
- [RequireAuthorize]
- public ActionResult Detail(string id)
- {
- var cookie = HttpContext.Request.Cookies;
- string url = base.ApiUrl + "/Get/" + id;
- HttpClient httpClient = HttpClientHelper.Create(url, base.UserLoginTicket);
- string result = httpClient.GetString();
- var model = JsonSerializer.DeserializeFromString(result);
- ViewData["PRODUCT_ADD_OR_EDIT"] = "E";
- return View("ProductForm", model);
- }
- }