.net中的身份认——AuthorizeAttribute

1..net自己的AuthorizeAttribute类来实现用户身份验证

AuthorizeAttribute类有两个重要的方法:AuthorizeCore和HandleUnauthorizedRequest。其中AuthorizeCore函数是用来判断一个请求是否通过用户验证,它的返回结果是一个bool。HandleUnauthorizedRequest函数则是在AuthorizeCore返回结果是false时会调用的函数。源代码如下所示:

 

实例:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
    public class CheckAttribute : AuthorizeAttribute
    {
        #region Methods

        protected override bool AuthorizeCore(HttpContextBase context)
        {
            var cookie = HttpContext.Current.Request.Cookies["ctoken"];
            if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
            {
                var redis = new RedisService();
                var r = redis.GetUser(cookie.Value);
                if (r.Item1 && (string.IsNullOrEmpty(LoginSysUser.GetUserName()) || r.Item2 != LoginSysUser.GetUserName()))
                {

                    var mUser = new UserService().FindByUserName(r.Item2);

                    new LoginSysUser()
                    {
                        Id = mUser.USERID.ToString(),
                        UserName = mUser.USERNAME,
                        Expires = DateTime.Now.AddMinutes(20)
                    }.Login();
                    return true;
                }

            }
            var falg = !string.IsNullOrEmpty(LoginSysUser.GetId());
            if (!falg)
                context.Response.StatusCode = 403;
            return falg;
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
            if (filterContext.HttpContext.Response.StatusCode == 403)
            {
                if (filterContext.HttpContext.Request.Url != null)
                {
                    if (filterContext.HttpContext.Request.IsAjaxRequest())
                    {
                        var result = new JsonResult
                        {
                            Data = new
                            {
                                Code = -1,
                                Message = "请先登录!"
                            },
                            JsonRequestBehavior = JsonRequestBehavior.AllowGet
                        };
                        filterContext.Result = result;
                    }
                    else
                    {
                        filterContext.Result = new RedirectResult("~/Sys/Account/Login");
                    }
                }
            }
        }

        #endregion Methods
    }

2. 添加AuthorizeAttribute过滤

我们自定义个AthorizeAttribute已经实现了,接下来就是在控制器上面实现了。具体实现方法有三种

1、Controller层级添加

 

 2、Action层级添加

 

 3、全局添加(这个过滤器配置可以在Global.asax中看到)

 

 

四、取消过滤

      有些页面,例如登录页面、登录请求的时候用户是肯定还没有登录的,这个时候如果我用了全局添加的话,用户岂不是永远无法登录了?那么为了使某些特定的方法可以不用验证过滤可以在特定Action、Controller上面添加以下抬头

 

 AllowAonymous表示一个特性,该特性用于标记在授权期间要跳过 System.Web.Mvc.AuthorizeAttribute 的控制器和操作

 

posted @ 2020-05-11 08:34  leolzi  阅读(6421)  评论(1编辑  收藏  举报