asp.net mvc forms身份认证

web.config配置

<authentication mode="Forms">
      <forms loginUrl="~/Login/Index" timeout="30" slidingExpiration="true"></forms>
</authentication>

• 1
• 2
• 3

增加一个Attribute类，继承自AuthorizeAttribute

public class CustomAuthorzieAttribute : AuthorizeAttribute
    {
        private string _controllerName = string.Empty;
        private string _actionName = string.Empty;

        /// <summary>
        /// base.OnAuthorization(filterContext)中会调用AuthorizeCore函数
        /// 
        /// 当AuthorizeCore返回false，则会继续调用HandleUnauthorizedRequest进行处理
        /// 
        /// 所以OnAuthorization是该类的总入口
        /// 
        /// </summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            _controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            _actionName = filterContext.ActionDescriptor.ActionName;

            base.OnAuthorization(filterContext);
        }

        /// <summary>
        /// base.OnAuthorization来调用
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (_controllerName.ToLower() == "login")
            {//登陆界面，不用身份认证，直接返回true
                return true;
            }

            if (!httpContext.User.Identity.IsAuthenticated)
            {
                return false;
            }

            return true;
        }

        /// <summary>
        /// 当AuthorizeCore返回false时候调用
        /// </summary>
        /// <param name="filterContext"></param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51

主要是去除登陆页面的验证判断

在App_Start文件夹中的FilterConfig中增加

public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new HandleErrorAttribute());
            filters.Add(new PermManagerWeb.Controllers.CustomAuthorzieAttribute());
        }
    }

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8

登陆页面处理：

[HttpPost]
        public ActionResult DoLogin(LoginInfoViewModel loginInfo)
        {
            if (ModelState.IsValid)
            {//输入验证成功
                bool bLoginOK = Login.LoginSys(GetDataAccess(), loginInfo.UserName, loginInfo.UserPassword);
                if (bLoginOK)
                {//登陆成功
                    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                        1,
                        loginInfo.UserName,
                        DateTime.Now,
                        DateTime.Now.AddMinutes(30),
                        false,
                        Request.UserHostAddress,
                        FormsAuthentication.FormsCookiePath);
                    string strCookie = FormsAuthentication.Encrypt(authTicket);
                    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, strCookie);
                    Response.Cookies.Add(authCookie);

                    return RedirectToAction("../Main");  
                }
                else
                {//登陆失败
                    return View("Index");
                }                              
            }
            else
            {//输入验证失败
                return View("Index");
            }
        }