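/// <summary>
/// Authorization filter that rejects requests made without a logged-in session.
/// </summary>
/// <remarks>
/// A request counts as logged in when <c>Session["user"]</c> is non-null.
/// Every unauthenticated request gets a result assigned, so the protected
/// action never runs for an anonymous caller, whatever the HTTP method.
/// Unlike <c>AuthorizeAttribute</c>, this filter does not register an
/// output-cache validation callback; avoid combining it with
/// <c>[OutputCache]</c> on protected actions, or a cached page may be served
/// without this check running.
/// </remarks>
public sealed class IsLoginAttribute : FilterAttribute, IAuthorizationFilter
{
	/// <summary>
	/// Whether the login check is enforced: true enforces it, false skips it.
	/// </summary>
	// NOTE(review): the default is false, so a bare [IsLogin] enforces nothing.
	// Callers must write [IsLogin(IsCheck = true)] to get any protection.
	public bool IsCheck;

	/// <summary>
	/// Denies the request when the login check is enabled and no user is in the session.
	/// </summary>
	/// <param name="filterContext">Authorization context of the current request.</param>
	public void OnAuthorization(AuthorizationContext filterContext)
	{
		// Actions or controllers marked [AllowAnonymous] opt out of the check.
		if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
			|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
		{
			return;
		}

		if (!IsCheck)
		{
			return;
		}

		// Session is null when session state is disabled for the request;
		// treat that as "not logged in" instead of failing with a NullReferenceException.
		var session = filterContext.HttpContext.Session;
		object user = session == null ? null : session["user"];
		if (user != null)
		{
			return;
		}

		if (filterContext.HttpContext.Request.IsAjaxRequest())
		{
			// 999 is a non-standard status code, kept because existing client
			// script presumably keys on it (confirm before switching to 401).
			filterContext.Result = new HttpStatusCodeResult(999, "Not logged in");
			return;
		}

		string path = filterContext.HttpContext.Request.Url.LocalPath;
		// Invariant lower-casing: culture-sensitive ToLower() can mis-map characters
		// (for example 'I' under a Turkish culture) and miss the list below.
		string normalizedPath = path.ToLowerInvariant();
		string[] loginRedirectPaths = { "/manager/menu", "/manager/index" };

		if (loginRedirectPaths.Contains(normalizedPath)
			|| filterContext.HttpContext.Request.HttpMethod == "GET")
		{
			filterContext.Result = new RedirectResult("/Manager/Login");
		}
		else
		{
			// Previously a non-GET, non-AJAX request (for example a form POST) to any
			// other URL fell through with no result set, so the protected action ran
			// for an anonymous caller. Deny it explicitly.
			filterContext.Result = new HttpUnauthorizedResult("Not logged in");
		}
	}
}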

 

方式二,写个类继承AuthorizeAttribute,然后过滤验证请求:


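/// <summary>
/// Authorization filter that requires a <c>LoginInfo</c> object in the session.
/// </summary>
/// <remarks>
/// Overriding <c>OnAuthorization</c> without calling the base implementation
/// replaces everything <c>AuthorizeAttribute</c> does there, including its
/// output-cache validation callback. Do not combine this filter with
/// <c>[OutputCache]</c> on protected actions. Overriding <c>AuthorizeCore</c>
/// and <c>HandleUnauthorizedRequest</c> instead would keep the base behaviour.
/// </remarks>
public class LoginFilter : AuthorizeAttribute
{
    /// <summary>
    /// Denies the request when no <c>LoginInfo</c> is stored in the session.
    /// </summary>
    /// <param name="filterContext">Authorization context of the current request.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Actions or controllers marked [AllowAnonymous] opt out of the check.
        if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
            || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
        {
            return;
        }

        // Session is null when session state is disabled for the request;
        // treat that as "not logged in" instead of failing with a NullReferenceException.
        var session = filterContext.HttpContext.Session;
        LoginInfo loginInfo = session == null ? null : session["LoginInfo"] as LoginInfo;
        if (loginInfo != null)
        {
            return;
        }

        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // NOTE(review): if Forms authentication is enabled, a 401 may be rewritten
            // into a redirect to the login page, so script clients would receive the
            // login HTML instead of this status. Confirm how the client detects it.
            filterContext.Result = new HttpUnauthorizedResult("登录失效,请登录");
            return;
        }

        string loginPage = ConfigurationManager.AppSettings["loginpage"];
        if (string.IsNullOrEmpty(loginPage))
        {
            // RedirectResult rejects a null or empty URL; when the "loginpage"
            // setting is missing, still deny the request rather than throwing.
            filterContext.Result = new HttpUnauthorizedResult();
        }
        else
        {
            filterContext.Result = new RedirectResult(loginPage);
        }
    }
}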

// Every action on this controller requires login, because [LoginFilter] is applied at class level.
// NOTE(review): only controllers that derive from BaseController pick this up; the sample
// HomeController and DefaultController in this listing derive from Controller directly.
[LoginFilter]
public class BaseController : Controller
{

}


public class HomeController : Controller
{
         // No login check for this action.
         // NOTE(review): this controller derives from Controller and carries no [LoginFilter],
         // so unless a filter is registered elsewhere (e.g. globally) every action added here
         // is unauthenticated, with or without [AllowAnonymous].
        [AllowAnonymous]
        public ActionResult Index()
        {
            return View();
        }
}


public class DefaultController : Controller
{
       // Login is checked for this action.
       // NOTE(review): [LoginFilter] is applied per action here, so any other action added
       // to this controller is unprotected unless it is annotated too.
       [LoginFilter]
        public ActionResult Index()
        {
            return View();
        }
}

 

 


本文转载:CSDN博客