MVC中使用AuthorizeAttribute做身份验证操作

代码顺序为:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest

 


假设AuthorizeCore返回false时,才会走HandleUnauthorizedRequest 方法,而且Request.StausCode会返回401,401错误又相应了Web.config中

<authentication mode="Forms">
      <forms loginUrl="~/" timeout="2880" />
    </authentication>

全部,AuthorizeCore==false 时,会跳转到 web.config 中定义的  loginUrl="~/"

 

 public class CheckLoginAttribute : AuthorizeAttribute
    {

        protected override bool AuthorizeCore(HttpContextBase httpContext)        {
            bool Pass = false;
            if (!CheckLogin.AdminLoginCheck())
            {
                httpContext.Response.StatusCode = 401;//无权限状态码
                Pass = false;
            }
            else
            {
                Pass = true;
            }

            return Pass;
        }

      

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {


            if(filterContext.HttpContext.Request.IsAjaxRequest())
            {
                if (!App.AppService.IsLogon)
                {

                    filterContext.Result = new JsonResult
                                               {
                                                   Data = new {IsSuccess = false, Message = "不好意思,登录超时,请又一次登录再操作!"},
                                                   JsonRequestBehavior = JsonRequestBehavior.AllowGet
                                               };
                    return;
                }
            }
            if (App.AppService.IsLogon)
            {
                return;
            }

            base.HandleUnauthorizedRequest(filterContext);
            if (filterContext.HttpContext.Response.StatusCode == 401)
            {
                filterContext.Result = new RedirectResult("/");
            }
        }
      

     
    }

 

 

 


 

 

AuthorizeAttribute的OnAuthorization方法内部调用了AuthorizeCore方法,这种方法是实现验证和授权逻辑的地方,假设这种方法返回true,


   表示授权成功,假设返回false, 表示授权失败, 会给上下文设置一个HttpUnauthorizedResult,这个ActionResult运行的结果是向浏览器返回


   一个401状态码(未授权),可是返回状态码没什么意思,一般是跳转到一个登录页面,能够重写AuthorizeAttribute的

   HandleUnauthorizedRequest
protected override void HandleUnauthorizedRequest(AuthorizationContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("filterContext");
            }
            else
            {
                string path = context.HttpContext.Request.Path;
                string strUrl = "/Account/LogOn?returnUrl={0}";
               
                context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);
               
            }
           
        }

 

 

posted on 2014-10-10 17:47  gcczhongduan  阅读(189)  评论(0编辑  收藏  举报