笔记三 过滤器应用之防止非法登录

 

 1. 在 App_Start 下新增一个 AuthFilter.cs

 public class HandlerLoginAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Authorization entry point for this filter. It adds no logic of its own and simply
        /// forwards to the <c>AuthorizeAttribute</c> implementation.
        /// </summary>
        /// <param name="filterContext">Context of the action being authorized.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
            => base.OnAuthorization(filterContext);

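        /// <summary>
        /// Decides whether the current request comes from a logged-in operator.
        /// </summary>
        /// <remarks>
        /// The decision rests solely on <c>Common.OperatorProvider.Provider.GetCurrent()</c>
        /// returning a non-null value. <c>base.AuthorizeCore</c> is not called, so any
        /// <c>Users</c> or <c>Roles</c> set on the attribute are not evaluated: this filter
        /// answers "is someone logged in", not "is this user allowed to do this".
        /// </remarks>
        /// <param name="httpContext">HTTP context of the request being authorized.</param>
        /// <returns><c>true</c> when a current operator exists; otherwise <c>false</c>.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new System.ArgumentNullException(nameof(httpContext));
            }

            // NOTE(review): how GetCurrent() derives the operator (session, cookie, ...) is not
            // visible here; the strength of this check is exactly the strength of that lookup.
            return Common.OperatorProvider.Provider.GetCurrent() != null;
        }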

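        /// <summary>
        /// Sends a request that failed <c>AuthorizeCore</c> to the login page.
        /// </summary>
        /// <remarks>
        /// The redirect is assigned to <c>filterContext.Result</c> instead of being written with
        /// <c>Response.Redirect</c>. A non-null result is what stops MVC from running the requested
        /// action, and a single result avoids emitting a redirect and then the base class's
        /// unauthorized (401) result for the same request.
        /// </remarks>
        /// <param name="filterContext">Context of the action that was refused.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new System.ArgumentNullException(nameof(filterContext));
            }

            // NOTE(review): the target action must itself be reachable without a login
            // ([AllowAnonymous]); otherwise every unauthenticated request redirects in a loop.
            filterContext.Result = new RedirectResult("/Login/Index");
        }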

 

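注册全局过滤器(例如在 FilterConfig.RegisterGlobalFilters 中添加 filters.Add(new HandlerLoginAttribute());),这样所有控制器的方法默认都需要登录后才能访问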

 

2. 给下面的登录相关方法标注 [AllowAnonymous],允许未登录用户访问并跳过登录验证,否则未登录的请求会一直被重定向到登录页,永远无法登录。[AllowAnonymous] 只应加在登录页和登录接口上,其余方法仍由过滤器保护

   
   [AllowAnonymous]  // open to every user, including unauthenticated ones
        // Renders the login view. It has to stay reachable without a session, because the
        // login filter would otherwise turn away the very users who need to sign in.
        public ActionResult LoginPage() => View();

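 [AllowAnonymous]
        // Checks the submitted credentials. On success it stores the employee code in
        // Session["EmpCode"] and returns {"success":true,"data":<menu tree JSON>}; on any
        // failure it returns {"success":false,"msg":...}.
        //
        // userCode: login name supplied by the client (untrusted).
        // passWord: password supplied by the client (untrusted).
        //
        // NOTE(review): the action is not restricted to POST, so credentials can also arrive in
        // a query string and end up in server or proxy logs - consider [HttpPost] once the
        // client is confirmed to post the form.
        // NOTE(review): nothing here limits repeated attempts or rotates the session identifier
        // after a successful login; confirm both are handled elsewhere.
        public string Login(string userCode, string passWord)
        {
            // One message for every credential failure, so the response does not reveal
            // whether a given account exists.
            const string badCredentials = "{\"success\":false,\"msg\":\" 用户名或密码错误!\"}";

            if (string.IsNullOrEmpty(userCode) || passWord == null)
            {
                return badCredentials;
            }

            try
            {
                DAL.sys.UserInfo user = new DAL.sys.UserInfo();
                string empCode;
                DataTable menuTable;

                // SECURITY NOTE(review): built-in administrator account with a fixed, trivially
                // guessable password compiled into the code. Kept only to preserve existing
                // behaviour - move this account into the user store with a strong password and
                // delete this branch.
                if (userCode == "admin" && passWord == "123456")
                {
                    menuTable = user.GetAllMenu();
                    empCode = "admin";
                }
                else
                {
                    DataTable dt = user.GetUserInfoByuserCode(userCode);

                    // SECURITY NOTE(review): the stored value is compared directly with the
                    // submitted password, which suggests passwords are kept unhashed - confirm,
                    // and store a salted, slow hash (e.g. PBKDF2) instead.
                    if (dt.Rows.Count == 0 || dt.Rows[0]["PassWord"].ToString() != passWord)
                    {
                        return badCredentials;
                    }

                    empCode = dt.Rows[0]["EmpCode"].ToString();
                    menuTable = user.GetMenuByUser(userCode);
                }

                Common.CreateTree tree = new Common.CreateTree();
                string jsonData = JsonConvert.SerializeObject(tree.BindTree(menuTable, null, "0"));

                // Mark the session as logged in only after every step has succeeded, so an
                // exception while loading the menu cannot leave a logged-in session behind an
                // error response.
                Session["EmpCode"] = empCode;
                return "{\"success\":true,\"data\":" + jsonData + "} ";
            }
            catch (Exception ex)
            {
                // Keep exception details on the server: the raw message can expose database or
                // internal information and is not valid JSON for the client.
                System.Diagnostics.Trace.TraceError("Login failed: " + ex);
                return "{\"success\":false,\"msg\":\" 登录失败,请稍后重试!\"}";
            }
        }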

 
