MVC custom Authorizeattribute for Rights management

"Go"MVC custom Authorizeattribute implement Rights Management

The original is from: small flying DD http://www.cnblogs.com/feiDD/articles/2844447.html

The Rights management of the website is a very important function, how to implement the Rights management of the website in MVC.

In MVC there is a class named Authorizeattribute, we can create our own feature Membervalidationattribute class, and then inherit the Authorizeattribute class to implement the management of our own site permissions. Then, by adding the Membervalidation attribute to the specific action, we will manage our rights management to a certain page.

Let me look at an example below.

First we create an empty MVC project. Create two controllers and three pages.

Home Controller

　　

public class Homecontroller:controller    {        ////        GET:/home/public        actionresult Index ()        {            return View ();        }    }

Page

　　

The user logs into the controller and adds a cookie to write code under login action.

　　

PublicClassMembercontroller:controller {////GET:/member/public ActionResult Index () { return View ();} public ActionResult Login () { var cookie = new HttpCookie (  "login "success" ); System.Web.HttpContext.Current.Response.SetCookie (cookie); return View ( Loginsuccess ");}       

Page

　　　　

　　　　

The above three relationships are, we want users to sign in first through the login page, after successful, after entering the home page. But then we can log in to the main page by entering "/home" in the address bar, which may cause an error. In the last project I did, it was necessary to do a verification of the user's batch order, if there is no verified orders are not to let the user through the Address field to enter the address to jump to the Order settlement page, or it will be an error. Here we need to add validation for a page to the appropriate action.

Here we add a class named Membervalidationattribute, let him inherit the Authorizeattribute class, here we only need to implement his Onauthorization method

　　　　

PublicClassMembervalidationattribute:authorizeattribute {PublicOverridevoidOnauthorization (AuthorizationContext filtercontext) {//Access to login in cookiesvar membervalidation = System.Web.HttpContext.Current.Request.Cookies.Get ("Login");//If membervalidation is null or membervalidation is not equal to successif (membervalidation==null| | Membervalidation.value! = "success" // page jump to login page Filtercontext.result = new Redirecttorouteresult (new routevaluedictionary ( New {Controller= "member " index "})); return// by validating return; } } 

The attribute is then added to the index action under HomeController.

　　　

Class Homecontroller:controller    {        [membervalidation] public         actionresult Index ()        {            return View ();}}    

This is how to go through the URL to jump words can no longer be logged in the case to enter our home Index page.

There are two remaining questions to say here:

First: The successful login page did not add a jump to the home index button, so after the successful login to go through the URL to the home index.

Second: When the user logs in, the cookie login is emptied.

2013-5-22 Legacy Issue One

There is also a method called Authorizecore in Authorizeattribute, which returns a bool value indicating whether validation is passed. By verifying the words jump to the next page a, if not verified, then jump to the login page.

Protectedoverride boolvar Cook = System.Web.HttpCon Text. Current.Request.Cookies.Get ( "customerinfo "); if (Cook! = nullif (Cook. ToString ()! =  ""  "{ return truereturn false   

The login page is set up in Web. config. As follows:

 <system.web > <authentication mode= "Forms" > Span style= "color: #0000ff;" ><forms loginurl= " ~/account/loginpage " Timeout=" 2880 "/> </authentication > </system.web< Span style= "color: #0000ff;" >>                 

Loginurl is to jump to the login page, which is in the URL address bar will carry a address, as a jump after successful login.

Public ActionResult LoginPage (string ReturnUrl)        {            null) Viewbag.returnurl =return  View (); }