MVC uses Controller instead of Filter to complete logon verification (Session verification) study notes 5, mvcfilter

MVC uses Controller instead of Filter to complete logon verification (Session verification) study notes 5, mvcfilter

In the previous study, Filter is usually used for Logon verification when Session verification is completed. The method is similar to the previous error log filtering method. That is, the new Filter class inherits the ActionFilterAttribute class, override the OnActionExecuting method, and then add the Filter mark before the Action to be verified.

1. New login verification class CheckLoginAttribute

using System.Web.Mvc;namespace PMS.WebApp.Models{  public class CheckLoginAttribute:ActionFilterAttribute  {    public override void OnActionExecuting(ActionExecutingContext filterContext)    {      base.OnActionExecuting(filterContext);      if (filterContext.HttpContext.Session == null || filterContext.HttpContext.Session["user"] == null)      {        filterContext.HttpContext.Response.Redirect("/User/Login");      }    }  }}

2. Add a tag to the Action to be verified to complete the verification.

using System.Web.Mvc;using PMS.IBLL;using PMS.WebApp.Models;namespace PMS.WebApp.Controllers{  public class UserController : Controller  {    //    // GET: /User/    //private IUserService _userService;    //private IUserService UserService    //{    //  get { return _userService ?? (_userService = new UserService()); }    //  set { _userService = value; }    //}    private IUserService UserService { get; set; }    [CheckLogin]    public ActionResult Index()    {      return Content("OK");    }  }}

Note:Do not register the verification class in the RegisterGlobalFilters method. Otherwise, it is equivalent to adding verification to all actions.

To use this method, you need to add a filter tag before each Action method, and the efficiency is not very high. Our project uses a simpler and more efficient method: Use the Controller for login verification.

1. Create a new Controller parent class for verification, and rewrite the OnActionExecuting method in it to complete login verification:

using System.Web.Mvc;namespace PMS.WebApp.Controllers{  public class FilterController : Controller  {    protected override void OnActionExecuting(ActionExecutingContext filterContext)    {      base.OnActionExecuting(filterContext);      if (Session["user"] == null)      {        //filterContext.HttpContext.Response.Redirect("/User/Login");        filterContext.Result = Redirect("/User/Login");      }    }  }}

In the OnActionExecuting method of the Controller validation class, the following code is provided:

// FilterContext. HttpContext. Response. Redirect ("/User/Login ");
FilterContext. Result = Redirect ("/User/Login ");

The reason why we use the latter to give up the former is that ASP. net mvc stipulates that Action must return ActionResult. If the former is used, the request page will be first entered before the jump is completed, which does not meet the original intention of using the filter.

2. Then, let the Controller to be verified inherit from the verification Controller we defined to complete the global login verification operation:

using System.Web.Mvc;using PMS.IBLL;namespace PMS.WebApp.Controllers{  public class UserController : FilterController//Controller  {    //    // GET: /User/    //private IUserService _userService;    //private IUserService UserService    //{    //  get { return _userService ?? (_userService = new UserService()); }    //  set { _userService = value; }    //}    private IUserService UserService { get; set; }    //[CheckLogin]    public ActionResult Index()    {      return Content("OK");    }  }}

Next we will compare the advantages and disadvantages of the two methods

The Filter definition process is complex and less efficient. However, each Action can be filtered separately. The same Action can also contain multiple pieces of Filter information, which is flexible to use.

The Controller definition is simpler and more efficient, but it can only filter all the methods in the Controller. It is not easy for the same Controller to have multiple controllers to filter parent classes.

To sum up, most of the actual project needs to complete login verification for all methods under the same Controller. Therefore, it is more efficient to use the Controller filter to cope with complex requirements, flexible mixing of the two methods is also a good strategy.

The above is all the content of this article. I hope it will be helpful for your learning and support for helping customers.