MVC中使用AuthorizeAttribute做身份验证操作


 



代码顺序为:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest 


如果AuthorizeCore返回false时,才会走HandleUnauthorizedRequest 方法,并且Request.StausCode会返回401,401错误又对应了Web.config中

<authentication mode="Forms">
      <forms loginUrl="~/" timeout="2880" />
    </authentication>

所有,AuthorizeCore==false 时,会跳转到 web.config 中定义的  loginUrl="~/"

 

  1. public class CheckLoginAttribute : AuthorizeAttribute  
  2.    {  
  3.   
  4.        protected override bool AuthorizeCore(HttpContextBase httpContext)  
  5.        {  
  6.            bool Pass = false;  
  7.            if (!CheckLogin.AdminLoginCheck())  
  8.            {  
  9.                httpContext.Response.StatusCode = 401;//无权限状态码  
  10.                Pass = false;  
  11.            }  
  12.            else   
  13.            {  
  14.                Pass = true;  
  15.            }  
  16.   
  17.            return Pass;  
  18.        }  
  19.   
  20.         
  21.   
  22.        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)  
  23.        {  
  24.            base.HandleUnauthorizedRequest(filterContext);  
  25.            if (filterContext.HttpContext.Response.StatusCode == 401)  
  26.            {  
  27.                filterContext.Result = new RedirectResult("/");  
  28.            }  
  29.        }  
  30.         
  31.   
  32.        
  33.    }  
 public class CheckLoginAttribute : AuthorizeAttribute
    {

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            bool Pass = false;
            if (!CheckLogin.AdminLoginCheck())
            {
                httpContext.Response.StatusCode = 401;//无权限状态码
                Pass = false;
            }
            else 
            {
                Pass = true;
            }

            return Pass;
        }

       

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
            if (filterContext.HttpContext.Response.StatusCode == 401)
            {
                filterContext.Result = new RedirectResult("/");
            }
        }
       

      
    }

 

AuthorizeAttribute的OnAuthorization方法内部调用了AuthorizeCore方法,这个方法是实现验证和授权逻辑的地方,如果这个方法返回true,

 

   表示授权成功,如果返回false, 表示授权失败, 会给上下文设置一个HttpUnauthorizedResult,这个ActionResult执行的结果是向浏览器返回

 

   一个401状态码(未授权),但是返回状态码没什么意思,通常是跳转到一个登录页面,可以重写AuthorizeAttribute的

   HandleUnauthorizedRequest 

  1. protected override void HandleUnauthorizedRequest(AuthorizationContext context)  
  2.         {  
  3.             if (context == null)  
  4.             {  
  5.                 throw new ArgumentNullException("filterContext");  
  6.             }  
  7.             else  
  8.             {  
  9.                 string path = context.HttpContext.Request.Path;  
  10.                 string strUrl = "/Account/LogOn?returnUrl={0}";  
  11.                   
  12.                 context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);  
  13.                   
  14.             }  
  15.               
  16.         }  
protected override void HandleUnauthorizedRequest(AuthorizationContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("filterContext");
            }
            else
            {
                string path = context.HttpContext.Request.Path;
                string strUrl = "/Account/LogOn?returnUrl={0}";
                
                context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);
                
            }
            
        }


posted @ 2015-03-16 11:27  编程猴子  阅读(543)  评论(0编辑  收藏  举报