MVC中使用AuthorizeAttribute做身份验证操作
代码顺序为:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest
如果AuthorizeCore返回false时,才会走HandleUnauthorizedRequest 方法,并且Request.StausCode会返回401,401错误又对应了Web.config中
的
<authentication
mode="Forms">
<forms loginUrl="~/" timeout="2880" />
</authentication>
所有,AuthorizeCore==false 时,会跳转到 web.config 中定义的 loginUrl="~/"
- public class CheckLoginAttribute : AuthorizeAttribute
- {
- protected override bool AuthorizeCore(HttpContextBase httpContext)
- {
- bool Pass = false;
- if (!CheckLogin.AdminLoginCheck())
- {
- httpContext.Response.StatusCode = 401;//无权限状态码
- Pass = false;
- }
- else
- {
- Pass = true;
- }
- return Pass;
- }
- protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
- {
- base.HandleUnauthorizedRequest(filterContext);
- if (filterContext.HttpContext.Response.StatusCode == 401)
- {
- filterContext.Result = new RedirectResult("/");
- }
- }
- }
public class CheckLoginAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { bool Pass = false; if (!CheckLogin.AdminLoginCheck()) { httpContext.Response.StatusCode = 401;//无权限状态码 Pass = false; } else { Pass = true; } return Pass; } protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { base.HandleUnauthorizedRequest(filterContext); if (filterContext.HttpContext.Response.StatusCode == 401) { filterContext.Result = new RedirectResult("/"); } } }
AuthorizeAttribute的OnAuthorization方法内部调用了AuthorizeCore方法,这个方法是实现验证和授权逻辑的地方,如果这个方法返回true,
表示授权成功,如果返回false, 表示授权失败, 会给上下文设置一个HttpUnauthorizedResult,这个ActionResult执行的结果是向浏览器返回
一个401状态码(未授权),但是返回状态码没什么意思,通常是跳转到一个登录页面,可以重写AuthorizeAttribute的
HandleUnauthorizedRequest
- protected override void HandleUnauthorizedRequest(AuthorizationContext context)
- {
- if (context == null)
- {
- throw new ArgumentNullException("filterContext");
- }
- else
- {
- string path = context.HttpContext.Request.Path;
- string strUrl = "/Account/LogOn?returnUrl={0}";
- context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);
- }
- }
protected override void HandleUnauthorizedRequest(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException("filterContext"); } else { string path = context.HttpContext.Request.Path; string strUrl = "/Account/LogOn?returnUrl={0}"; context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true); } }