asp.net mvc 5 利用ActionFilterAttribute实现权限过滤
关于c#属性的教程:http://www.runoob.com/csharp/csharp-attribute.html
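在asp.net mvc5中,可以利用ActionFilterAttribute类,以添加属性的方式很方便地实现权限管理。需要注意,ActionFilterAttribute 属于动作过滤器,执行顺序在授权过滤器(AuthorizeAttribute / IAuthorizationFilter)和模型绑定之后;正式的权限控制通常应放在授权过滤器中。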
这里我们用一个简单案例来作为演示。
vs2017新建asp.net mvc5 项目,models文件夹新建AuthorizeFilterAttribute.cs:
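using System;
using System.Web.Mvc;

namespace AuthDemo.Models
{
    /// <summary>
    /// Demo action filter that short-circuits an action with a "权限不足" response
    /// unless the request carries an <c>auth</c> cookie whose value is exactly "true",
    /// or the action/controller is marked with <see cref="AllowAnonymousAttribute"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): request cookies are supplied by the client. The value checked here is
    /// not signed and not tied to any server-side session, so it proves nothing about the
    /// caller. Treat this class as a demonstration of the filter pipeline only; real access
    /// control should rely on a protected authentication ticket (Forms authentication,
    /// ASP.NET Identity) and on <see cref="AuthorizeAttribute"/> or an IAuthorizationFilter,
    /// which run before action filters and before model binding.
    /// </remarks>
    public class AuthorizeFilterAttribute : ActionFilterAttribute
    {
        /// <summary>
        /// Runs before the action method and replaces the result when the request is not allowed.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException(nameof(filterContext));
            }

            base.OnActionExecuting(filterContext);

            // [AllowAnonymous] is only honoured automatically by the built-in AuthorizeAttribute.
            // A custom filter has to test for it itself, otherwise the marker has no effect.
            // The controller descriptor is checked too, so a controller-level [AllowAnonymous]
            // behaves the same way it does with AuthorizeAttribute.
            ActionDescriptor action = filterContext.ActionDescriptor;
            bool anonymousAllowed =
                action.IsDefined(typeof(AllowAnonymousAttribute), true) ||
                action.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
            if (anonymousAllowed)
            {
                return;
            }

            // Exact, case-sensitive match; a missing cookie yields null and is rejected.
            string auth = filterContext.HttpContext.Request.Cookies["auth"]?.Value;
            if (string.Equals(auth, "true", StringComparison.Ordinal))
            {
                return;
            }

            // Setting Result stops the pipeline before the action body runs.
            // NOTE(review): ContentResult is sent with the default 200 status, so clients,
            // proxies and logs cannot tell a denial from a success. HttpUnauthorizedResult or
            // new HttpStatusCodeResult(403) expresses the denial at the HTTP level.
            filterContext.Result = new ContentResult { Content = "权限不足" };
        }
    }
}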
HomeController进行修改:
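using AuthDemo.Models;
using System.Web;
using System.Web.Mvc;

namespace AuthDemo.Controllers
{
    /// <summary>
    /// Demo controller: every action is guarded by <see cref="AuthorizeFilterAttribute"/>
    /// unless it is explicitly marked <c>[AllowAnonymous]</c>.
    /// </summary>
    [AuthorizeFilter]
    public class HomeController : Controller
    {
        /// <summary>Home page; exempt from AuthorizeFilter.</summary>
        [AllowAnonymous]
        public ActionResult Index()
        {
            return View();
        }

        /// <summary>About page; requires the auth cookie.</summary>
        public ActionResult About()
        {
            ViewBag.Message = "Your application description page.";

            return View();
        }

        /// <summary>Contact page; requires the auth cookie.</summary>
        public ActionResult Contact()
        {
            ViewBag.Message = "Your contact page.";

            return View();
        }

        /// <summary>
        /// Issues the <c>auth</c> cookie that AuthorizeFilter looks for.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this endpoint is anonymous and hands the cookie to any caller without
        /// checking credentials, and the value "true" is a constant the client could set on its
        /// own. It stands in for a real sign-in step; production code should authenticate the
        /// user first and issue a protected ticket (for example FormsAuthentication.SetAuthCookie
        /// or ASP.NET Identity's sign-in) instead of a plain flag.
        /// </remarks>
        [AllowAnonymous]
        public ActionResult Auth()
        {
            Response.Cookies.Remove("auth");

            var authCookie = new HttpCookie("auth", "true")
            {
                // Keep the cookie out of reach of page scripts.
                HttpOnly = true,
                // Mark it Secure whenever the request itself arrived over HTTPS,
                // without breaking plain-HTTP development runs.
                Secure = Request.IsSecureConnection
            };
            Response.Cookies.Add(authCookie);

            return Content("cookie设置成功");
        }

        /// <summary>Guarded action used to observe the filter's decision.</summary>
        public ActionResult TestAuth()
        {
            return Content("拥有权限");
        }
    }
}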
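一开始访问 TestAuth 方法显示的是“权限不足”,访问 Auth 方法后再访问 TestAuth 方法则显示“拥有权限”。注意:这个 cookie 的值完全由客户端控制,既没有签名,也不与服务端会话绑定,因此本例只用于演示过滤器的执行流程;实际项目应使用经过签名保护的身份凭据(如 Forms 身份验证票据或 ASP.NET Identity 的认证 cookie)。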
如果不想用系统自带的AllowAnonymous类也可以自定义类。比如AuthorizeFilterAttribute修改成:
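using System;
using System.Web.Mvc;

namespace AuthDemo.Models
{
    /// <summary>
    /// Demo action filter that short-circuits an action with a "权限不足" response unless the
    /// request carries an <c>auth</c> cookie whose value is exactly "true", or the
    /// action/controller is marked with <see cref="NoAuthRequireAttribute"/> or
    /// <see cref="AllowAnonymousAttribute"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): request cookies are supplied by the client. The value checked here is
    /// not signed and not tied to any server-side session, so it proves nothing about the
    /// caller. Treat this class as a demonstration of the filter pipeline only; real access
    /// control should rely on a protected authentication ticket and on
    /// <see cref="AuthorizeAttribute"/> or an IAuthorizationFilter.
    /// </remarks>
    public class AuthorizeFilterAttribute : ActionFilterAttribute
    {
        /// <summary>
        /// Runs before the action method and replaces the result when the request is not allowed.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException(nameof(filterContext));
            }

            base.OnActionExecuting(filterContext);

            // The exemption test is still required with a custom marker: nothing in MVC
            // consults NoAuthRequireAttribute on its own.
            // [AllowAnonymous] is accepted as well, so actions that still carry the built-in
            // marker are not silently locked out after switching to the custom one.
            if (IsExempt(filterContext.ActionDescriptor))
            {
                return;
            }

            // Exact, case-sensitive match; a missing cookie yields null and is rejected.
            string auth = filterContext.HttpContext.Request.Cookies["auth"]?.Value;
            if (string.Equals(auth, "true", StringComparison.Ordinal))
            {
                return;
            }

            // Setting Result stops the pipeline before the action body runs.
            // NOTE(review): ContentResult is sent with the default 200 status;
            // HttpUnauthorizedResult or new HttpStatusCodeResult(403) expresses the denial
            // at the HTTP level.
            filterContext.Result = new ContentResult { Content = "权限不足" };
        }

        // True when the action or its controller carries either exemption marker.
        private static bool IsExempt(ActionDescriptor action)
        {
            ControllerDescriptor controller = action.ControllerDescriptor;

            return action.IsDefined(typeof(NoAuthRequireAttribute), true)
                || action.IsDefined(typeof(AllowAnonymousAttribute), true)
                || controller.IsDefined(typeof(NoAuthRequireAttribute), true)
                || controller.IsDefined(typeof(AllowAnonymousAttribute), true);
        }
    }

    /// <summary>
    /// Marker attribute: actions or controllers decorated with it are skipped by
    /// <see cref="AuthorizeFilterAttribute"/>. It adds no behaviour of its own; the previous
    /// override only forwarded to the base implementation and has been dropped.
    /// </summary>
    public class NoAuthRequireAttribute : ActionFilterAttribute
    {
    }
}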
HomeController改成:
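using AuthDemo.Models;
using System.Web;
using System.Web.Mvc;

namespace AuthDemo.Controllers
{
    /// <summary>
    /// Demo controller: every action is guarded by <see cref="AuthorizeFilterAttribute"/>
    /// unless it is explicitly marked with the custom <c>[NoAuthRequire]</c> marker.
    /// </summary>
    [AuthorizeFilter]
    public class HomeController : Controller
    {
        /// <summary>Home page; exempt from AuthorizeFilter.</summary>
        // Uses the custom marker like Auth() below, so the home page stays reachable
        // without depending on the filter also recognising [AllowAnonymous].
        [NoAuthRequire]
        public ActionResult Index()
        {
            return View();
        }

        /// <summary>About page; requires the auth cookie.</summary>
        public ActionResult About()
        {
            ViewBag.Message = "Your application description page.";

            return View();
        }

        /// <summary>Contact page; requires the auth cookie.</summary>
        public ActionResult Contact()
        {
            ViewBag.Message = "Your contact page.";

            return View();
        }

        /// <summary>
        /// Issues the <c>auth</c> cookie that AuthorizeFilter looks for.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this endpoint is anonymous and hands the cookie to any caller without
        /// checking credentials, and the value "true" is a constant the client could set on its
        /// own. It stands in for a real sign-in step; production code should authenticate the
        /// user first and issue a protected ticket (for example FormsAuthentication.SetAuthCookie
        /// or ASP.NET Identity's sign-in) instead of a plain flag.
        /// </remarks>
        [NoAuthRequire]
        public ActionResult Auth()
        {
            Response.Cookies.Remove("auth");

            var authCookie = new HttpCookie("auth", "true")
            {
                // Keep the cookie out of reach of page scripts.
                HttpOnly = true,
                // Mark it Secure whenever the request itself arrived over HTTPS,
                // without breaking plain-HTTP development runs.
                Secure = Request.IsSecureConnection
            };
            Response.Cookies.Add(authCookie);

            return Content("cookie设置成功");
        }

        /// <summary>Guarded action used to observe the filter's decision.</summary>
        public ActionResult TestAuth()
        {
            return Content("拥有权限");
        }
    }
}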
同样可以实现。