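/// <summary>
/// Demo controller for forms authentication. The class-level [Authorize]
/// requires an authenticated user for every action; <see cref="Login"/> opts
/// out with [AllowAnonymous] so that unauthenticated users can reach it.
/// </summary>
[Authorize]
public class HomeController : Controller
{
    /// <summary>
    /// Issues a forms-authentication cookie for a fixed demo user, first with the
    /// one-call helper and then by building the ticket and cookie by hand.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this action checks no credential at all, so any visitor who
    /// requests it is signed in as "Admin". That is acceptable only as a
    /// demonstration of the cookie mechanics; a real login action must verify
    /// the submitted credentials before issuing a ticket.
    /// </remarks>
    /// <returns>The default view for the action.</returns>
    [AllowAnonymous]
    public ActionResult Login()
    {
        string userName = "Admin";

        // 1.0 Let the framework create and add the (non-persistent) cookie.
        FormsAuthentication.SetAuthCookie(userName, false);

        // 2.0 Create the cookie manually.
        // 2.1 Ticket information. The ticket travels to the browser inside the
        //     cookie, so it must not carry the password (or any other secret) as
        //     user data; only non-sensitive values belong there.
        DateTime issuedAt = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            userName,
            issuedAt,
            issuedAt.Add(FormsAuthentication.Timeout), // lifetime taken from the forms configuration
            false,
            string.Empty);

        // 2.2 Encrypt the ticket and wrap it in the forms-authentication cookie.
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.HttpOnly = true;                          // keep the ticket away from client script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow the configured transport requirement
        cookie.Path = FormsAuthentication.FormsCookiePath;

        // A non-persistent ticket gets a session cookie; only a persistent one
        // is given an expiry date on the browser side.
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }

        // Step 1.0 already queued a cookie with this name. Set replaces it
        // instead of emitting a second Set-Cookie header; in real code use only
        // one of the two approaches.
        Response.Cookies.Set(cookie);

        return View();
    }

    /// <summary>
    /// Reads the current user's name and ticket user data, then removes the
    /// forms-authentication cookie.
    /// </summary>
    /// <returns>The default view for the action.</returns>
    public ActionResult SignOut()
    {
        // Shown only to illustrate how the values are read back; neither is used further.
        string name = ControllerContext.HttpContext.User.Identity.Name;

        // The identity is a FormsIdentity only when forms authentication produced
        // it, so do not assume the cast succeeds.
        FormsIdentity formsIdentity = ControllerContext.HttpContext.User.Identity as FormsIdentity;
        string data = formsIdentity != null ? formsIdentity.Ticket.UserData : null;

        FormsAuthentication.SignOut();
        return View();
    }
}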
AuthorizeAttribute source
http://www.cnblogs.com/icyJ/p/MVC_Authorize.html
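/// <summary>
/// Runs the authorization check for the current action. Actions or controllers
/// marked with <see cref="AllowAnonymousAttribute"/> are skipped; otherwise
/// <c>AuthorizeCore</c> decides whether the request proceeds.
/// </summary>
/// <param name="filterContext">Context of the action being authorized.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The filter is used while a child-action output cache is active.
/// </exception>
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    // Refuse to run inside an active child-action cache rather than let a
    // cached fragment be served without this filter being consulted.
    if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
    {
        throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
    }

    // [AllowAnonymous] on the action or on its controller opts out of the check.
    bool skipAuthorization =
        filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
        || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);

    if (skipAuthorization)
    {
        return;
    }

    if (!AuthorizeCore(filterContext.HttpContext))
    {
        HandleUnauthorizedRequest(filterContext);
        return;
    }

    // An authorized response must not later be replayed from a cache to someone
    // who is not authorized: tell proxies not to cache it, and register a
    // validation callback so this attribute is consulted before a cached copy
    // is served.
    HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
    cachePolicy.SetProxyMaxAge(new TimeSpan(0));
    cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}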
Implement Authentication Yourself
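/// <summary>
/// Custom authorization filter: unless the action or its controller carries the
/// skip marker attribute, the request must come from a logged-in user;
/// otherwise it is redirected to the login page.
/// </summary>
/// <remarks>
/// NOTE(review): the override deliberately does not call
/// <c>base.OnAuthorization</c>, so whatever the base attribute does beyond the
/// login test (for example its output-cache handling) does not run here. Confirm
/// that protected actions are not output-cached, or add equivalent handling.
/// NOTE(review): the permission check is disabled, so this filter establishes
/// only that the user is logged in, not that they may use the requested action.
/// </remarks>
public class ActionValidateAttribute : System.Web.Mvc.AuthorizeAttribute
{
    #region Determine whether the user is logged in and has permission

    /// <summary>
    /// Determines whether the user is logged in (and, once enabled, has permission).
    /// </summary>
    /// <param name="filterContext">Context of the action being authorized.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new System.ArgumentNullException("filterContext");
        }

        // 1.0 Identify the requested route (area / controller / action). The names
        //     are lower-cased with the invariant culture so that they compare the
        //     same way regardless of the server's culture. They feed only the
        //     permission check below, which is currently disabled.
        object areaToken;
        string strArea =
            filterContext.RouteData.DataTokens.TryGetValue("area", out areaToken) && areaToken != null
                ? areaToken.ToString().ToLowerInvariant()
                : null;
        string strController = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLowerInvariant();
        string strAction = filterContext.ActionDescriptor.ActionName.ToLowerInvariant();

        // 1.1 A list of areas that require validation could be kept here; there
        //     are no separate areas at the moment, so every request is validated.
        // 1.2 ...and the requested route would be checked against that list.

        // 2.0 Skip the check only where the skip marker is present (login, logout).
        if (!DoesSkip<MyAuthentication.Attributes.SkipAttribute>(filterContext))
        {
            // 3.0 Not skipped: check the login state.
            bool isLogin = OperateContext.Current.IsLogin();

            // 3.1 Not logged in: redirect to the login page.
            if (!isLogin)
            {
                filterContext.Result = OperateContext.Current.Redirect("/home/login", filterContext.ActionDescriptor);
            }

            //// 4.0 Logged in: check whether the user has permission.
            //bool hasPermission = OperateContext.Current.HasPermission(strArea, strController, strAction);
            //// 4.1 No permission: redirect to the login page.
            //if (!hasPermission) { filterContext.Result = OperateContext.Current.Redirect("/home/login", filterContext.ActionDescriptor); }
        }

        //base.OnAuthorization(filterContext);
    }

    #endregion

    #region Determine whether a skip marker is present +DoesSkip<T>(System.Web.Mvc.AuthorizationContext filterContext)

    /// <summary>
    /// Determines whether the action or its controller declares the specified attribute.
    /// </summary>
    /// <typeparam name="T">Marker attribute type to look for.</typeparam>
    /// <param name="filterContext">Context of the action being authorized.</param>
    /// <returns>
    /// <c>true</c> if the attribute is defined on the action or on the controller;
    /// otherwise <c>false</c>.
    /// </returns>
    protected bool DoesSkip<T>(System.Web.Mvc.AuthorizationContext filterContext) where T : Attribute
    {
        // inherit: false - a marker placed on a base controller or overridden
        // action is not picked up, so the login check stays on unless the marker
        // is declared directly.
        return filterContext.ActionDescriptor.IsDefined(typeof(T), false)
            || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(T), false);
    }

    #endregion
}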
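/// <summary>
/// Marker attribute with no members. Code that looks for it (for example an
/// authorization filter) can treat a marked action or controller as exempt from
/// its check, so apply it only to endpoints that must be reachable without login.
/// </summary>
public class SkipAttribute : Attribute
{
}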
Authorize and AllowAnonymous