ASP. net mvc View and Web API basic permission Verification

ASP. net mvc 5.0 has been released for a period of time. It is ready to refactor the original MVC project and record the basic permission verification.

Environment: Windows 7 Professional SP1 + Microsoft Visual Studio 2013 (MVC 5 + Web API 2)

Modify Web. config and add the Forms authentication mode. Add the following configuration to the system. web node:

 System.Web.Security;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = , AllowMultiple =     (httpContext ==   (httpContext.User.Identity.IsAuthenticated && = (    (filterContext.HttpContext.Response.StatusCode == (=  RedirectToRouteResult(,             

Create a Controller base class PageBase, inherited from Controller:

 System.Web.Mvc;

The controllers of all views are inherited from PageBase and no longer from the Controller.

After inheriting PageBase, All controllers must log on to AllowAnonymous (take AccountController as an example) for the Controller (or Action) that allows anonymous access ):

 System.Web.Mvc;

  ActionResult Login()  =  ActionResult Detail( id)   = 

The development of the page Controller is basically complete. The next step is to log on to the page (~ /Login) Use js to submit login information and post to submit.

After submission, You need to develop the Web API interface.

[MVC Web API Controller]

Similarly, a new ApiAuth is inherited from ActionFilterAttribute:

 System.Web.Security;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = , AllowMultiple =     (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > )    cookie = (cookie ==  || cookie.Count < = =  ( perCookie  cookie[ (perCookie.Name === (ticket == =             = 

Create an ApiController base class ApiBase, inherited from ApiController:

 System.Web.Http;

The controllers of all APIs are inherited from ApiBase and no longer from ApiController.

After inheriting ApiBase, add AllowAnonymous to the Controller (or Action) that allows anonymous access (take LoginController as an example ):

 System.Web.Security;

   cookie = FormsAuthentication.GetAuthCookie(,  ticket = newTicket =  FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, =  

[Written at the end]

I checked a lot of Methods online and needed time to verify the rationality of each method.

Concerning the security of Web APIs, I personally think that the SSL method is more secure.

In addition, when judging the permissions of Web APIs written on the internet, actionContext. Request. Headers. Authorization is used to determine the permissions, as shown below:

 (actionContext.Request.Headers.Authorization ==  ticket =}

You have not completed the test. Please take a look at it ~~~