Alumni book based on .NET MVC, part five: web.config configuration and permission control implemented with a filter

Web.config configuration file

This file is the configuration center of the entire system. It tells the IIS server what runtime environment this web site requires and what is to be done, and developers also place constant data in it for global use across the system. The file is rich in content; the items common to general projects are not described here, and only the configuration specific to this system is explained.

Web.config is an XML file, a structured document whose data can be traversed node by node. The first line, <?xml version="1.0" encoding="utf-8"?>, declares the XML version and the encoding of this file, which is Unicode by default and is changed to UTF-8 here. Next comes the configuration parent node; everything inside it is configurable content. The key item here is the connectionStrings node, which holds the Abconnection database connection string. This string names the database file and declares the required provider (System.Data.SqlServerCe.4.0).

On line 97 there is an entityFramework node, which Visual Studio configures automatically; the version used by the project can be set there in an attribute. Many people also put membership settings in web.config for permission control. This is also a new feature in .NET MVC, but because VS sets up the data tables automatically, the developer has less command of the system, so two solutions were considered on the permissions side, as described later. The second child of the runtime node on line 70 is the default reference namespace: when a new class is created in this project, it references those namespaces by default, which saves time.

Permission Control Module Filter

Permission control is a must-have function of any web site system, from role permissions at the large end to checking whether the user is logged in at the small end. .NET has always provided rich and practical ways to do this, such as forms validation in the ASPX era: drag the control onto the page, configure it, and every page is validated automatically. MVC has no such controls, so the drag-and-drop approach is not available. Microsoft offers Membership instead, but Membership generates its own tables in the database, those tables have many fields, some properties of the person are mandatory, and the person entity class has no parameterless constructor, so constructing it is very cumbersome; writing dozens of field assignments every time is too much. After consideration, we therefore decided to handle permission validation ourselves. It has two parts: A. verify whether the requester is an online user; B. verify whether the requester is an administrator. The two are implemented in the same way, so detecting whether the user exists is taken as the example. Because this project is an exercise in applying .NET MVC, no elaborate security settings are made at this stage.

Since all logic is driven by the controller, the first idea was to do the check in the controllers: write a parent controller that implements a static method, have the other controllers inherit from it, and call that static method first in each controller method. However, this approach seems to break the normal file structure of .NET MVC, so instead of adopting it we chose the filter feature of .NET MVC. A filter is an attribute applied to a method. By attaching the attribute and writing the event handlers for the method, the execution of the method can be controlled.

Add a folder named Filter to the project and create a new class, IsLogedAttribute.cs, in it. This is a filter that checks whether the current user is online when a controller method is executed.

Referenced namespaces:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Alumnibook.Models;
using Alumnibook.Ensleep;

Ensleep is a tool class we wrote ourselves, which provides a few encapsulated methods. Models is the reference to the entity model, so that the entity model can be used in this class for data comparison. The other, system-level namespaces are the ones that must be referenced in a .NET MVC project.

public class IsLogedAttribute : FilterAttribute, IActionFilter
{
    // Runs after the action method; nothing to do here.
    void IActionFilter.OnActionExecuted(ActionExecutedContext filterContext)
    {
    }

    // Runs before the action method; the login check goes here.
    void IActionFilter.OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Code content omitted here
    }
}

This class derives from FilterAttribute and implements the IActionFilter interface. The parent class provides the common methods, and the interface ensures that OnActionExecuted and OnActionExecuting are implemented. These two methods are the core of the filter function.

OnActionExecuted is the method that runs after the action has executed. Our check is done before the action executes, so this method needs no code. OnActionExecuting is triggered before the action executes, and this is where the check is implemented. Its parameter is of type ActionExecutingContext, which contains all the attributes of the HTTP request; when the method completes, control returns to the previous process with the corresponding data and the appropriate action is performed. Let's look at how a controller method references the filter.

public class PersonalCenterController : Controller
{
    // The IsLoged filter runs before this action.
    [IsLoged]
    public ActionResult Index()
    {
        return View();
    }
}

This is the personal center controller, and Index is one of its methods. When the request URL is /personal/index, the IsLoged attribute on the method causes the OnActionExecuting method in IsLoged to run first. It gets the session from filterContext and checks whether the server-side session still holds the current conversation. If it does not, either the user's browser was closed or the user has been idle for a long time; the user is then treated as logged out, the requested operation is illegal, and the user is sent to the login page. filterContext.HttpContext.Response.Redirect("/log/login", true); performs the redirect of the user's request; the second argument controls whether the action the user requested continues to execute, and true terminates it. In other words, the request ends before the Index method in the controller has been executed. If the session data exists, the encapsulated method Sleep.IsMyUser() is called with the username string to determine whether this is a legitimate user; because it is implemented as a test function, there is no MD5 encryption. If the user is found in the database, nothing is done, so when the filter finishes, execution automatically returns to the controller method and continues. If the user is not in the database, the user is not logged in: the username is removed from the session and the user is sent to the login page.
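
The check described above, written out as an added example; it is not the author's omitted code. It sets filterContext.Result instead of calling Response.Redirect, which likewise stops the action from running, and the session key "username" and the IsKnownUser delegate standing in for Sleep.IsMyUser() are assumptions.

```csharp
using System;
using System.Web.Mvc;

// Added example of the flow the article describes. Names marked "assumed"
// do not come from the original project.
public class IsLogedAttribute : FilterAttribute, IActionFilter
{
    // Assumed session key; the article only says the username is kept in the session.
    private const string SessionKey = "username";

    // Login URL used in the article.
    private const string LoginUrl = "/log/login";

    // Assumed stand-in for the article's Sleep.IsMyUser(username) database lookup.
    // The default rejects everyone, so a missing wiring fails closed.
    public static Func<string, bool> IsKnownUser = name => false;

    void IActionFilter.OnActionExecuted(ActionExecutedContext filterContext)
    {
        // Nothing to do after the action has run.
    }

    void IActionFilter.OnActionExecuting(ActionExecutingContext filterContext)
    {
        var session = filterContext.HttpContext.Session;
        var username = session == null ? null : session[SessionKey] as string;

        if (string.IsNullOrEmpty(username))
        {
            // No session entry: browser closed or session timed out.
            Deny(filterContext);
            return;
        }

        if (!IsKnownUser(username))
        {
            // The session names a user the database does not know: drop it.
            session.Remove(SessionKey);
            Deny(filterContext);
        }
        // Otherwise fall through and let the action execute.
    }

    private static void Deny(ActionExecutingContext filterContext)
    {
        // A non-null Result short-circuits the pipeline: the action is never invoked.
        filterContext.Result = new RedirectResult(LoginUrl);
    }
}
```

Because this is an action filter, it does not run for responses served from the output cache, so actions protected this way should not also carry [OutputCache]. Where caching is needed, deriving the check from AuthorizeAttribute is the usual choice.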
