asp.net MVC Learning---(ix.) permission filtering mechanism (end article)

I believe that the right to filter the big guys are not unfamiliar

When a user wants to access a page

First, the authority of the judge and the corresponding processing action

In the WebForm

The most direct and original way is

Before all the code in the Page_Load event

The first way to perform a permission decision

As for its professional competence mechanism, there is no discussion here.

Students who want to know their own Google

Or click to enter:

The authority authentication mechanism of WebForm speciality

So how do you implement permission validation in MVC?

As far as we know

In MVC, a method in the Controller class is requested based on the routing configuration

There is no Page_Load method in WebForm.

Are we going to call a method of permission judgments in each action method?

obviously impossible = =

How can lazy programs allow this to happen?

In fact, in the MVC framework

Provides a filter mechanism for programmers

Through the filter

We can control access right at our whim.

So next

Education Science Channel--come closer to science and bring you into the inner world of filters ~ ~

First, we can add a filter ourselves

Add a class named Myfilter1attribute

and inherits from the ActionFilterAttribute class (note that here the ActionFilterAttribute namespace is System.Web.Mvc don't quote wrong ~)

Now this myfilter1attribute is a filter class.

Because inheriting from the ActionFilterAttribute class

So the myfilter1attribute we add ourselves has some filtering methods.

Let's go to the definition of ActionFilterAttributeF12 and see what's inside.

As you can see, this actionfilterattribute is an attribute class (This is why people end up with attributes ~)

and implements two very important interfaces Iactionfilter,iresultfilter

We're going to go to the definition to see what's in these two interfaces.

Can see

Each of these two interfaces defines two methods, and since ActionFilterAttribute implements them, ActionFilterAttribute naturally will have these four methods

So what are these four ways?

We'll find out.

As we've said before, ActionFilterAttribute is actually a feature class

What is an attribute class.

For example, forward entity validation, label the field of the entity

The label is an attribute class

Other words

Attribute classes can be used in the form of labeling

And the Myfilter1attribute we add ourselves is also an attribute class

What's the use of it?

Wait, you'll know.

Now, first rewrite the OnActionExecuting method in Myfilter1attribute

In fact, we can probably introduce this method from the name of this method is to do something

Yes, the method will call before the action method executes

Conversely, another method in Iactionfilter--onactionexecuted is called after the action method has finished executing

Kothe

Here's the evidence:

public class Myfilter1attribute:actionfilterattribute
    {
        //This method invokes the public override void before the action method executes
        OnActionExecuting (ActionExecutingContext filtercontext)
        {
            FilterContext.HttpContext.Response.Write (" I am onactionexecuting, I invoke money in action method to execute <br/> ");
            Base. OnActionExecuting (Filtercontext);
        }

        This method calls the public
        override void OnActionExecuted (ActionExecutedContext filtercontext) After the action method is executed
        {
            FilterContext.HttpContext.Response.Write ("I am onactionexecuted, I execute <br/> after action method call");
            Base. OnActionExecuted (Filtercontext);
        }

    

Add an action method to the home controller

[MyFilter1]
        public void Filtertest ()
        {
             Response.Write ("I am the action method, executing ~~</br> here");
        }

Did you see it this time.

To use a filter in one action method

Just put a filter label on the method ok~
Build runs with the following results:

A strong proof ~

But sometimes we have this need:

In the filter, when you encounter an action method labeled XXX, skip validation.

What about this.

This easy operation can be done through the Filtercontext Actiondescriptor attribute class

Actiondescriptor, as the name suggests, describes the action method

In Actiondescriptor we can get the appropriate action method information and even get a controller to describe the Controllerdescriptor

The code is as follows:

This method calls the public
        override void OnActionExecuting (ActionExecutingContext filtercontext)
        {
            Before the action method executes FilterContext.HttpContext.Response.Write ("I am onactionexecuting, I execute <br/>" before action method calls);
            The action method is judged to have a myfilter1attribute label
            if (FilterContext.ActionDescriptor.IsDefined typeof ( Myfilter1attribute), False)
            {
                //If there is, return Contentresult directly for the action method, the action method has a return value here, which is the equivalent of ending here. Does not go after the execution of the method, such as: onactionexecuted et
                filtercontext.result = new Contentresult ();
            }
            Base. OnActionExecuting (Filtercontext);
        }

The result is as shown in figure:

As you can see, the Response.Write in the action method and in the onactionexecuted are not executed, that is, the action method is skipped

Before we used the method in the Iactionfilter interface.

Next, introduce the Iresultfilter interface method

Executes the public
        override void Onresultexecuting (ResultExecutingContext filtercontext)
        {
            After the action method returns the result FilterContext.HttpContext.Response.Write ("I am onactionexecuted, I action method returns results before executing <br/>");
            Base. Onresultexecuting (Filtercontext);
        }

        Executes the public
        override void Onresultexecuted (ResultExecutedContext filtercontext)
        {
            Before the action method returns the result FilterContext.HttpContext.Response.Write ("I am onresultexecuted, I execute <br/> after the action method returns the result");
            Base. Onresultexecuted (Filtercontext);
        }

There are also two methods in Iresultfilter

We change the filtertest to the following code:

[MyFilter1]
        Public ActionResult filtertest ()
        {
            Response.Write ("I am the Response.Write of the action method, which executes the ~~</br> here");
            return View ();
        }

and add the view as follows:

<body>
    <div>
        I am the filtertest view, where you perform the action method ~ ~
    </div>
</body>

Build and run, result diagram:

As you can see, the difference between the method in the Iresultfilter interface and the Iactionfilter method is that the execution location is different

But there is also a filter in the MVC framework

He's the permission filter. Authorizeattribute

The filter executes before all action method filters, that is, provides a method that can be validated in advance

We are adding a new filter class and inheriting from Authorizeattribute

Rewrite its Onauthorization method as follows:

Notice here that the Onauthorization method of the base class is removed, because we don't need it, and there may be some error anomalies left.

public class Myfilter2attribute:authorizeattribute
    {
        //execute public override void before all action method filters
        Onauthorization (AuthorizationContext filtercontext)
        {
            FilterContext.HttpContext.Response.Write (" I am onauthorization, before all action method filters execute <br/> ");
            Base. Onauthorization (Filtercontext);
        }
    

[MyFilter1]
        [MyFilter2]
        Public ActionResult filtertest ()
        {
            Response.Write ("I am the Response.Write of the action method, which executes the ~~</br> here");
            return View ();
        }

MyFilter2 Label for Filtertest method

Run:

There's a picture of evidence ~

So

We can choose the right way to verify the permissions as needed

But then again, there's a problem.

What's the problem?

This feature is attached to the action method

What if all the action methods in my controller have to be validated.

Do I have to post every action method?

If all the action methods in all the controllers in my program need to be validated.

Don't worry ~

Lazy programming guys don't do stupid things like that.

If all the methods in a controller need to be validated

Then we can put the label on the controller class uniformly, as follows:

So all of the action methods in the controller will be validated

So what if each controller class has to be validated.

This time we'll need to open the App_start folder.

Have you seen a Filterconfig class?

Double hit Open FilterConfig.cs

We can add a global filter here, such as:

Finally, we're introducing a filter for exception handling.

Add a filter class and inherit from Handleerrorattribute

public class Myfilter3attribute:handleerrorattribute
    {
        //exception anywhere in the program will perform public
        override void Onexception (Exceptioncontext filtercontext)
        {
            //Get exception object
            Exception ex = filtercontext.exception;
            Logging error log
            //guide Friendly error interface
            Filtercontext.result = new Redirectresult ("/home/index");
            Important.. Tell the system that the exception has been handled ... Without this step, the system will follow the normal exception handling process
            filtercontext.exceptionhandled = true;
            Base. Onexception (Filtercontext);
        }
    

Note that the onexception of the base class is not needed.

So where are the filters for exception handling?

It's gotta be the big picture!

Filters. ADD (New Myfilter3attribute ());

OK, fix it!

Don't believe you run look ~

asp.net mvc learning is all over.

Looking forward to the next progress.