Filter for permission control

my AOP design concept in software development is more and more widely used, this is not a tall thing, but every programmer should be familiar with a thing. Because it is convenient for us programmers. With AOP, we can focus on the writing of logical code, unifying those system functions to the AOP framework to manage them and automatically coupling them at runtime.

when we visit the URL page, such as a can browse all pages. B can only browse a portion of the page, if there is no unified permission control, as long as the URL address is correct, everyone can access. So there is no authority to control the words. So before we go to the page, we're going to automatically perform the permission judgments I wrote.

know exactly what I'm going to do, so how to do it?

I have customized a filter--authattribute.

1. If I want to execute the action below this controller. This controller and action are all written by ourselves, and this is just an example.

2. Namespace Itoo. Basicplaceclient.controllers

   
   

4. {

   
   

6. Controller class, inherits the controllers

   
   

8. 
   

10. public class Mycontroller:controller

    
    

12. {

    
    

14. 
    

16. Public ActionResult Index ()

    
    

18. {

    
    

20. return View ();

    
    

22. }

    
    

24. }

    
    

26. }

Copy Code

2, before the execution, the permission to judge, the implementation of the custom I wrote the filter. Here we will take out your brief access to the Controller and action, in the cache to remove the access you have. Determine if you have permission to access the action in the controller. Without permission, give a friendly prompt directly, you do not have permission. Hey, it's kind of friendly. But if you have permission, he will continue to execute the action you want to access and present the page you want to see.

2. Using System;

   
   

4. Using System.Collections.Generic;

   
   

6. Using System.Linq;

   
   

8. Using System.Web;

   
   

10. Using SYSTEM.WEB.MVC;

    
    

12. Using Itoo. Library.Core.Memcache;

    
    

14. Using System.Collections;

    
    

16. 
    

18. Namespace Itoo. BasicPlaceClient.Controllers.Attribute

    
    

20. {

    
    

22. ///

    
    

24. ActionFilterAttribute is the action filter class, which is executed before an action is executed. and ActionFilterAttribute is A class of MVC that specializes in handling action filtering. A permission restriction based on this principle.

    
    

26. ///

    
    

28. public class Authattribute:actionfilterattribute

    
    

30. {

    
    

32. ///

    
    

34. Called by the ASP framework before executing the action method

    
    

36. ///

    
    

38. ///

    
    

40. public override void OnActionExecuting (ActionExecutingContext filtercontext)

    
    

42. {

    
    

44. Get Controllername Name

    
    

46. var controllername = filtercontext.routedata.values["Controller"]. ToString ();

    
    

48. 
    

50. Get the domain name of the action you're going to execute

    
    

52. var actionname = httpcontext.current.request.requestcontext.routedata.values["Action"]. ToString ();

    
    

54. 
    

56. GUID selfGuid1 = Guid.NewGuid ();//application for a simulated GUID

    
    

58. GUID SelfGuid2 = Guid.NewGuid ();//application for a simulated GUID

    
    

60. 
    

62. Memcachehelper.add (Selfguid1.tostring (), "querybed", DateTime.Now.AddMinutes (20));

    Controller cache

    
    

64. Memcachehelper.add (Selfguid2.tostring (), "Index", DateTime.Now.AddMinutes (20));

    Action Cache

    
    

66. 
    

68. Create a list collection

    
    

70. List guids1 = new list ();

    
    

72. 
    

74. Store the key value taken out of the cache in the list

    
    

76. Guids1. ADD (Selfguid1.tostring ());

    
    

78. Guids1. ADD (Selfguid2.tostring ());

    
    

80. 
    

82. Create a data Dictionary Getkey object

    
    

84. IDictionary getkey = new Dictionary ();

    
    

86. 
    

88. Get a set of caches

    
    

90. Getkey = Memcachehelper.get (GUIDS1);

    
    

92. 
    

94. Verify permissions, first verify controller

    
    

96. foreach (KeyValuePair kvp in Getkey)

    
    

98. {

    
    

100. If you have permissions to the controller that will be accessed

     
     

102. if (kvp. value.tostring () = = Controllername)

     
     

104. If you have permissions to the acting you want to access

     
     

106. foreach (KeyValuePair kvp1 in Getkey)

     
     

108. if (KVP1. value.tostring () = = ActionName)

     
     

110. {

     
     

112. All pass, there is an action under the controller that will access the

     
     

114. Return

     
     

116. }

     
     

118. }

     
     

120. No permissions, validation does not pass

     
     

122. Contentresult Content = new Contentresult ();

     
     

124. Content.content = "
     

126. Execution result is permission not passed

     
     

128. Filtercontext.result = Content;

     
     

130. }

     
     

132. 
     

134. }

     
     

136. }

Copy Code

This is the code of Authority judgment. Before using it, we need to register with Registerglobalfilters in global. Otherwise, this code will not be executed until the method executes.

3. Registration:

1. Filters. ADD (New Authattribute ());

Copy Code

in this way, a simple permission control is implemented. Technology is shallow, it is written like this, there is nothing wrong with everyone to communicate with each other.

More Java Learning web Framework Learning Http://techfoxbbs.com

Filter for permission control