asp.net mvc 5 利用ActionFilterAttribute实现权限过滤

 关于c#属性的教程:http://www.runoob.com/csharp/csharp-attribute.html

在asp.net mvc5中,可以利用ActionFilterAttribute类,以添加属性的方式很方便地实现权限管理。

这里我们用一个简单案例来作为演示。

vs2017新建asp.net mvc5 项目,models文件夹新建AuthorizeFilterAttribute.cs:

using System.Web.Mvc;

namespace AuthDemo.Models
{

    public class AuthorizeFilterAttribute:ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            string auth = filterContext.HttpContext.Request.Cookies["auth"]?.Value;

            bool isPass = string.Equals(auth,"true");

            if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute),true))  //判断action是否有 [AllowAnonymous] 属性。这句很重要,如果不写的话 [AllowAnonymous] 就失效了
            {
                return;
            }

            if (isPass)
            {
                return;
            }
            filterContext.Result = new ContentResult { Content = "权限不足" };
        }
    }
}

HomeController进行修改:

using AuthDemo.Models;
using System.Web;
using System.Web.Mvc;

namespace AuthDemo.Controllers
{
    [AuthorizeFilter]
    public class HomeController : Controller
    {
        [AllowAnonymous]   //允许绕过AuthorizeFilter
        public ActionResult Index()
        {
            return View();
        }

        public ActionResult About()
        {
            ViewBag.Message = "Your application description page.";

            return View();
        }

        public ActionResult Contact()
        {
            ViewBag.Message = "Your contact page.";

            return View();
        }

        [AllowAnonymous]
        public ActionResult Auth()
        {
            Response.Cookies.Remove("auth");
            Response.Cookies.Add(new HttpCookie("auth","true"));
            return Content("cookie设置成功");
        }

        public ActionResult TestAuth()
        {
            return Content("拥有权限");
        }
    }
}

 

一开始访问TestAuth方法显示的是权限不足,访问auth方法后在访问testauth方法则显示拥有权限。

如果不想用系统自带的AllowAnonymous类也可以自定义类。比如AuthorizeFilterAttribute修改成:

using System.Web.Mvc;

namespace AuthDemo.Models
{

    public class AuthorizeFilterAttribute:ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            string auth = filterContext.HttpContext.Request.Cookies["auth"]?.Value;

            bool isPass = string.Equals(auth,"true");

            if (filterContext.ActionDescriptor.IsDefined(typeof(NoAuthRequireAttribute),true))  //即使使用了自定义类也不能省略这句。
            {
                return;
            }

            if (isPass)
            {
                return;
            }
            filterContext.Result = new ContentResult { Content = "权限不足" };
        }
    }


    public class NoAuthRequireAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
        }
    }
}

HomeController改成:

using AuthDemo.Models;
using System.Web;
using System.Web.Mvc;

namespace AuthDemo.Controllers
{
    [AuthorizeFilter]
    public class HomeController : Controller
    {
        [AllowAnonymous]
        public ActionResult Index()
        {
            return View();
        }

        public ActionResult About()
        {
            ViewBag.Message = "Your application description page.";

            return View();
        }

        public ActionResult Contact()
        {
            ViewBag.Message = "Your contact page.";

            return View();
        }

        [NoAuthRequire]
        public ActionResult Auth()
        {
            Response.Cookies.Remove("auth");
            Response.Cookies.Add(new HttpCookie("auth","true"));
            return Content("cookie设置成功");
        }

        public ActionResult TestAuth()
        {
            return Content("拥有权限");
        }
    }
}

同样可以实现。

 

posted on 2018-03-23 11:37  axel10  阅读(412)  评论(0编辑  收藏  举报