Learning ASP. NET 4.5 mvc4.0 (4) with me)

First fewArticleAbout mvc4.0. Today, let's take a look at login verification, which can also be called permission verification, that is, authorizeattribute. This can be used on the Controller controller or the action method. Here, we mainly want to introduce how to extend the permission verification and the page redirection of Access prohibited.

 

Let's take a look at it first.CodeThen, you can get twice the result with half the effort in the analysis. The specific code is as follows. Of course, you can also perform verification extension, which depends on your needs.

1 ///   <Summary>
2 /// Permission verification attributes.
3 ///   </Summary>
4 Public Class Authorizeexattribute: authorizeattribute
5 {
6 ///   <Summary>
7 /// Initialize the permission verification class.
8 ///   </Summary>
9 ///   <Param name = "permissionname"> Permission name. </Param>
10 Public Authorizeexattribute ( String Permissionname = "" ){
11 This . Permissionname = permissionname;
12 }
13 ///   <Summary>
14 /// Obtain the permission name.
15 ///   </Summary>
16 Public String Permissionname { Get ; Private Set ;}
17
18 ///   <Summary>
19 /// Verify authorization.
20 ///   </Summary>
21 ///   <Param name = "httpcontext"> HTTP context, which encapsulates all http-specific information about a single HTTP request. </Param>
22 ///   <Returns> True if the user has been authorized; otherwise false. </Returns>
23 Protected Override Bool Authorizecore (httpcontextbase httpcontext)
24 {
25 If (Httpcontext = Null )
26 Return False ;
27 If (Httpcontext. User. Identity. isauthenticated)
28 {
29 VaR User = users. Current;
30 If (! User. isanonymous & isallow (User )&& Base . Authorizecore (httpcontext ))
31 Return True ;
32 }
33 Httpcontext. response. statuscode = 403 ;
34 Return False ;
35 }
36
37 Private Bool Isallow (User user)
38 {
39 // Write Verification Code
40 Return True ;
41 }
42
43 ///   <Summary>
44 /// Rewrite verification.
45 ///   </Summary>
46 ///   <Param name = "filtercontext"> Verify the information context. </Param>
47 Public Override Void Onauthorization (authorizationcontext filtercontext)
48 {
49 Base . Onauthorization (filtercontext );
50 If (Filtercontext. httpcontext. response. statuscode = 403 )
51 {
52 If (Filtercontext. httpcontext. User. Identity. isauthenticated)
53 Filtercontext. Result = New Redirectresult ( " /Accesserror " );
54 Else
55 Filtercontext. Result = New Redirectresult (formsauthentication. loginurl + " ? Returnurl = " + Filtercontext. httpcontext. Request. urlreferrer );
56 }
57 }

58}

 

Here, user is a user entity class defined by myself, and users is the method class of this entity class. Here, code is subsidized and can be implemented by itself, because different applications are different. If you know the name of the permission verification, you can use it to obtain the value of the permission, so that you can verify whether the current user's permission has been verified. You only need to rewrite his code to implement verification. In order to be able to tell the front-end user and prompt that access is forbidden, an accesserror page is set here.

 

Of course, the returned pages are different. When an anonymous user is added, he needs to log on to the logon page. If the user is logged on, the logon page is disabled. This is only a filter that needs to be verified during development and will be used in ASP. net mvc development.

 

ASP. net mvc 4.0 improvements:

 

I found that after mvc4.0, Microsoft added an allowanoumous filter for authentication, that is, Anonymous Users are allowed to access the filter, and the filter on the method can overwrite the mark on the controller. This is a benefit because many places can be accessed only after logon, but such as login pages and registration pages do not need to be logged on. But it is usually stored in the account controller, which can be easily verified. I don't want to talk much about it because I want to learn something and give it to others...