ASP.MVC上實現許可權控制的方法很多,比如使用AuthorizeAttribute這個特性
1.建立自訂特性用於許可權驗證
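/// <summary>
/// Authorization filter that admits a request only when its "admin" cookie
/// holds a forms-authentication ticket that decrypts successfully and has
/// not expired. A cookie that is merely present is not enough, because the
/// client controls cookie names and values.
/// </summary>
public class AuthorizeDiy : AuthorizeAttribute
{
    /// <summary>
    /// Entry point for the custom authorization check.
    /// </summary>
    /// <param name="httpContext">Context of the request being authorized.</param>
    /// <returns>
    /// <c>true</c> when the "admin" cookie carries a valid, unexpired ticket;
    /// otherwise <c>false</c>, with the response status set to 401.
    /// </returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new System.ArgumentNullException("httpContext");
        }

        // Use the context MVC passes in instead of the static HttpContext.Current,
        // so the check always looks at the request that is being authorized.
        HttpCookie cookie = httpContext.Request.Cookies["admin"];
        if (cookie != null
            && !string.IsNullOrEmpty(cookie.Value)
            && IsValidTicket(cookie.Value))
        {
            return true;
        }

        httpContext.Response.StatusCode = 401;
        return false;
    }

    /// <summary>
    /// Handles a request that failed authorization by sending it to the login page.
    /// </summary>
    /// <param name="filterContext">Authorization context of the rejected request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);

        // The status code is no longer echoed into the response body: that was
        // diagnostic output and does not belong in what the client receives.
        if (filterContext.HttpContext.Response.StatusCode == 401)
        {
            // Redirect to the login page.
            filterContext.Result = new RedirectResult("/Login");
        }
    }

    /// <summary>
    /// Decrypts the cookie value and reports whether it is a usable ticket.
    /// Tampered, truncated or foreign values are treated as "not authorized"
    /// rather than surfacing as a server error.
    /// </summary>
    private static bool IsValidTicket(string encryptedTicket)
    {
        try
        {
            System.Web.Security.FormsAuthenticationTicket ticket =
                System.Web.Security.FormsAuthentication.Decrypt(encryptedTicket);
            return ticket != null && !ticket.Expired;
        }
        catch (System.ArgumentException)
        {
            return false;
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            return false;
        }
        catch (HttpException)
        {
            return false;
        }
    }
}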
重寫2個方法,分別用於授權檢查(AuthorizeCore)和處理授權失敗的請求(HandleUnauthorizedRequest)。
2.建立控制器基類便於其他控制器繼承
/// <summary>
/// Base class for the admin controllers. The <see cref="AuthorizeDiy"/> filter
/// is declared here once, so every controller that derives from this class is
/// covered by the same authorization check.
/// </summary>
[AuthorizeDiy]
public class BaseAdminController : Controller
{
}
注意使用自訂特性
3.登入控制器的寫法
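/// <summary>
/// Login controller. Both actions are marked [AllowAnonymous] so that the
/// authorization filter inherited from the base controller does not redirect
/// the login page back to itself.
/// </summary>
public class LoginController : BaseAdminController
{
    //
    // GET: /Login/
    /// <summary>Renders the login page.</summary>
    [AllowAnonymous]
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>
    /// Issues the encrypted forms-authentication ticket in the "admin" cookie.
    /// </summary>
    /// <returns>A JSON object with <c>success = true</c>.</returns>
    [HttpPost]
    [AllowAnonymous]
    public JsonResult LoginCheck()
    {
        // SECURITY NOTE(review): this demo reads no user name or password and
        // issues a ticket to every caller. A real application must verify the
        // submitted credentials before reaching the code below, and report
        // success = false when they do not match.
        DateTime issuedAt = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            "admin",
            issuedAt,
            issuedAt.AddDays(1),
            true,
            Newtonsoft.Json.JsonConvert.SerializeObject(new { name = "test" }));
        string ticString = FormsAuthentication.Encrypt(ticket);

        HttpCookie cookie = new HttpCookie("admin", ticString);
        // Keep the ticket out of reach of page script, and mark it Secure when
        // the site requires SSL or the request arrived over HTTPS.
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL || Request.IsSecureConnection;
        // No Expires is set, so the browser treats this as a session cookie
        // even though the ticket itself is valid for one day.
        Response.Cookies.Add(cookie);

        object result = new { success = true };
        return this.Json(result);
    }
}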
注意:繼承基類,並且使用MVC自訂特性進行授權,此處只是簡單實現:示範中的LoginCheck沒有驗證任何帳號密碼就直接簽發票證,實際使用時必須先驗證使用者憑證。注意:跳轉登入和驗證登入的2個action必須使用AllowAnonymous特性,否則登入介面的許可權驗證無法通過,會出現重複定向多次的錯誤。
4.其他頁面的Demo
登入視圖:
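@* Login view: submits the form to /Login/LoginCheck by AJAX and moves on to the home page on success. *@
@{
    ViewBag.Title = "Index";
}
@* NOTE(review): jQuery 1.8.2 is a very old release; move to a maintained version where the project allows. *@
<script src="~/Scripts/jquery-1.8.2.min.js"></script>
<h2>這個是登入介面</h2>
<form class="formClass">
    <button>登入</button>
</form>
<script>
    $(function () {
        $(".formClass").submit(function () {
            $.post("/Login/LoginCheck", {}, function (r) {
                // Any JSON object is truthy, so test the success flag itself
                // instead of the response object.
                if (r && r.success === true) {
                    location.href = "/Home/Index";
                } else {
                    alert("登入失敗");
                }
            }).fail(function () {
                // Transport or server errors are reported as a failed login too.
                alert("登入失敗");
            });
            // Suppress the browser's own form submission; the POST above replaces it.
            return false;
        });
    });
</script>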
主視圖:
@* Home view: a heading plus an empty document-ready handler left as a placeholder. *@
@{
    ViewBag.Title = "Index";
}
<script src="~/Scripts/jquery-1.8.2.min.js"></script>
<h2>Index</h2>
<script>
    $(function () {
    });
</script>
首頁控制器:
/// <summary>
/// Home page controller. It carries no authorization attribute of its own;
/// the check comes from the [AuthorizeDiy] attribute on BaseAdminController.
/// </summary>
public class HomeController : BaseAdminController
{
    //
    // GET: /Home/
    /// <summary>Renders the home page view.</summary>
    public ActionResult Index()
    {
        ActionResult page = View();
        return page;
    }
}
效果:先正常操作,然後清空緩衝,即可看到許可權控制的效果(MVC路由指向Home控制器的Index)。
當進入首頁時發現未授權自動跳轉至登入介面
ASP.MVC 基於AuthorizeAttribute許可權設計案例