代码顺序为:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest
如果AuthorizeCore返回false时,才会走HandleUnauthorizedRequest 方法,并且Request.StausCode会返回401,401错误又对应了Web.config中
的
<authentication mode="Forms">
<forms loginUrl="~/" timeout="2880" />
</authentication>
所有,AuthorizeCore==false 时,会跳转到 web.config 中定义的 loginUrl="~/"
[csharp] view plaincopy
01.public class CheckLoginAttribute : AuthorizeAttribute
02. {
03.
04. protected override bool AuthorizeCore(HttpContextBase httpContext)
05. {
06. bool Pass = false;
07. if (!CheckLogin.AdminLoginCheck())
08. {
09. httpContext.Response.StatusCode = 401;//无权限状态码
10. Pass = false;
11. }
12. else
13. {
14. Pass = true;
15. }
16.
17. return Pass;
18. }
19.
20.
21.
22. protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
23. {
24. base.HandleUnauthorizedRequest(filterContext);
25. if (filterContext.HttpContext.Response.StatusCode == 401)
26. {
27. filterContext.Result = new RedirectResult("/");
28. }
29. }
30.
31.
32.
33. }
AuthorizeAttribute的OnAuthorization方法内部调用了AuthorizeCore方法,这个方法是实现验证和授权逻辑的地方,如果这个方法返回true,
表示授权成功,如果返回false, 表示授权失败, 会给上下文设置一个HttpUnauthorizedResult,这个ActionResult执行的结果是向浏览器返回
一个401状态码(未授权),但是返回状态码没什么意思,通常是跳转到一个登录页面,可以重写AuthorizeAttribute的
HandleUnauthorizedRequest
[csharp] view plaincopy
01.protected override void HandleUnauthorizedRequest(AuthorizationContext context)
02. {
03. if (context == null)
04. {
05. throw new ArgumentNullException("filterContext");
06. }
07. else
08. {
09. string path = context.HttpContext.Request.Path;
10. string strUrl = "/Account/LogOn?returnUrl={0}";
11.
12. context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);
13.
14. }
15.
16. }