MVC Filter Detailed

Source: Internet
Author: User
Tags setcookie types of filters

Every request in Aps.net MVC (hereinafter referred to as "MVC") is assigned to the appropriate controller and corresponding behavior method to be processed, and in the back and forth of these processing, if you want to add some additional logic processing. The filter is used at this time.

There are four types of filters supported by MVC: Authorization (Authorization), Action (behavior), result (result), and exception (exception). As shown in the table below,

Filter type

Interface

Describe

Authorization

Iauthorizationfilter

This type (or filter) is used to restrict access to a behavior method of the controller or controller

Exception

Iexceptionfilter

Used to specify a behavior that the specified behavior handles a behavior method or an exception thrown in a controller

Action

Iactionfilter

Processing before or after entering a behavior

Result

Iresultfilter

Used to return the previous or subsequent processing of the result

However, there are only three filters implemented by default, authorize (authorization), Actionfilter,handleerror (error handling), and various information as shown in the following table

Filter filters

Class name

Implementing interfaces

Describe

Actionfilter

Authorizeattribute

Iauthorizationfilter

This type (or filter) is used to restrict access to a behavior method of the controller or controller

HandleError

Handleerrorattribute

Iexceptionfilter

Used to specify a behavior that the specified behavior handles a behavior method or an exception thrown in a controller

Custom

ActionFilterAttribute

Iactionfilter and Iresultfilter

Handling before or after processing or returning results before or after entering the behavior

The filter described below, in addition to the above several, but also add a filter outputcache

1 Authorization Filter Authorize

1.1 Default authorize use

Now on the Internet, whether it is required to verify the location of more than, e-mail, shopping, and sometimes even spit a slot to be prompted to sign in. Some of the operations here are permitted only if the authorization is authenticated. In MVC, authorize can be used to implement. For example, a simple password change operation

[Authorize]          Public actionresult ChangePassword ()        {            return  View ();        }

It requires the user to pass the authorization to enter into this behavior method, otherwise hard to request that page, will only get this result

If you want to pass authentication, by calling the Formsauthentication.setauthcookie method to get authorization, the landing page is as follows

@model filtertest.models.loginmodel@{Layout=NULL;}<! DOCTYPE html>@using (Html.BeginForm ()) {<div>ID: @Html. textboxfor (M=m.username)<br/>Password: @Html. passwordfor (M=M.password)<br/> <input type="Submit"Value="Login"/> </div>    }    </div></body>
[HttpPost]//The predicate filter is used here, only the POST request is processed .         Publicactionresult Login (Loginmodel login) {if(Login. UserName = ="Admin"&& Login. Password = ="123456") {Formsauthentication.setauthcookie (login. UserName,false); returnRedirect ("/customer/changepassword"); }            returnView (); }

Of course, there must be logged off, because the logout is in the login after the occurrence, no login success is not logged out, so the behavior of the logoff method also add authorize filter, logout call is the FormsAuthentication.SignOut method, the code is as follows

[Authorize]          Public actionresult LogOut ()        {            formsauthentication.signout ();             return Redirect ("/customer/login");        }

1.2 Custom Authorization

We do not have to use the MVC default authorize authorization validation rules, rules can be self-defined, custom authorization filter can inherit Authorizeattribute this class, there are two methods in this class is to be rewritten

    • BOOL Authorizecore (HttpContextBase HttpContext): Here is the logical processing of authorization validation, which returns true by authorization and returns False if not.
    • void Handleunauthorizedrequest (AuthorizationContext filtercontext): This method is a matter of handling authorization failures.

This defines a comparison of the ride of the authorization processor, when the request is just an even minute, the authorization can be obtained, and vice versa. When the authorization fails, it jumps to the landing page.

  Public classMyauthorizeattribute:authorizeattribute {protected Override BOOLAuthorizecore (HttpContextBase HttpContext) {//return base. Authorizecore (HttpContext);            returnDateTime.Now.Minute%2==0        }                protected Override voidhandleunauthorizedrequest (AuthorizationContext filtercontext) {filterContext.HttpContext.Response. Redirect ("/customer/login"); //base. Handleunauthorizedrequest (filtercontext);        }    }
[Myauthorize]          Public actionresult ShowDetail ()        {            return  View ();        }

Custom filters:

Controller code:

[Checklogin]//here is a custom attribute to reference the appropriate namespace PublicActionResult Index () {returnView ();} PublicActionResult Login ()//This action automatically writes the login information to the cookie.{HttpCookie Hcusername=NewHttpCookie ("username","Admin"); HttpCookie Hcpassword=NewHttpCookie ("Password","123456");  System.Web.HttpContext.Current.Response.SetCookie (Hcusername);  System.Web.HttpContext.Current.Response.SetCookie (Hcpassword); returnView ();}

Filter Code:

 Public classChecklogin:actionfilterattribute {//It was a bit messy before the action was executed, but it was just a matter of judging the cookie user name password.      Public Override voidonactionexecuting (ActionExecutingContext filtercontext) {httpcookiecollection Cookiecollect= System.Web.HttpContext.Current.Request.Cookies;if(cookiecollect["username"] ==NULL|| cookiecollect["Password"] ==NULL) {Filtercontext.result=NewRedirectresult ("/home/login"); }      Else      {        if(cookiecollect["username"]. Value! ="Admin"&& cookiecollect["Password"]. Value! ="123456") {Filtercontext.result=NewRedirectresult ("/home/login"); }      }    }  }

The effect of this filter is to jump to the login page when the user name and password are incorrect in the user's cookie, and note that the filter can also be placed at the top of the entire controller class, indicating that all actions under the controller perform the check. In this way, the code in the controller is very beautiful, and no action is filled with the code to determine the login.

Global Filters

Sometimes we think that some public methods need to be executed by each action, but do not want to be on each controller on the action tag, what to do? Fortunately, ASP. Net MVC3 brings a nice thing to the global filter. And how to register the global filter? The answer is in the Global.asax. Let's look at the following code, how I registered the Testfilterattribute we defined above into the global filter.

  Public Static void registerglobalfilters (globalfiltercollection filters)        {            filters. ADD (new  Handleerrorattribute ());             // registering a global filter            Filters. ADD (new Testfilterattribute () {message=" global "});        

This will execute this filter for each action, without having to label each controller top.

MVC Filter Detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.