  • asp.net mvc 5 利用ActionFilterAttribute实现权限过滤

     关于c#属性的教程:http://www.runoob.com/csharp/csharp-attribute.html

    在asp.net mvc5中,可以利用ActionFilterAttribute类,以添加属性的方式很方便地实现权限管理。

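    这里我们用一个简单案例来作为演示。注意:案例里的“权限”只是一个值为 true 的 cookie,客户端可以自行设置,因此它只用来演示过滤器的写法;实际项目应以服务端签发并校验的登录凭据(例如 filterContext.HttpContext.User 的身份信息)作为判断依据。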

    vs2017新建asp.net mvc5 项目,models文件夹新建AuthorizeFilterAttribute.cs:

    using System.Web.Mvc;
    
    namespace AuthDemo.Models
    {
    
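        /// <summary>
        /// Action filter that lets a request through only when it carries the demo
        /// cookie <c>auth=true</c>, unless the action or its controller is marked
        /// with <see cref="AllowAnonymousAttribute"/>.
        /// </summary>
        /// <remarks>
        /// SECURITY: the cookie is read straight from the request, so its value is
        /// whatever the client chooses to send. It shows how the filter is wired up
        /// but is not an access-control decision. A real filter should rely on an
        /// identity the server issued and validates (for example
        /// <c>filterContext.HttpContext.User</c>), normally from an authorization
        /// filter such as <see cref="AuthorizeAttribute"/>.
        /// </remarks>
        public class AuthorizeFilterAttribute : ActionFilterAttribute
        {
            /// <summary>
            /// Short-circuits the action with a "权限不足" response when the request is
            /// neither exempt nor carrying the demo cookie.
            /// </summary>
            /// <param name="filterContext">Context of the action about to run.</param>
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
                base.OnActionExecuting(filterContext);

                // [AllowAnonymous] has no effect on a custom filter unless the filter
                // checks for it itself. Both the action and its controller are
                // checked, so a controller-level [AllowAnonymous] is honoured too.
                ActionDescriptor action = filterContext.ActionDescriptor;
                bool isExempt =
                    action.IsDefined(typeof(AllowAnonymousAttribute), true) ||
                    action.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
                if (isExempt)
                {
                    return;
                }

                // Client-controlled value: see the SECURITY remark on the class.
                string auth = filterContext.HttpContext.Request.Cookies["auth"]?.Value;
                if (string.Equals(auth, "true"))
                {
                    return;
                }

                // NOTE(review): ContentResult does not set a status code, so the denial
                // goes out with the response's existing status (normally 200). A 401/403
                // result would let clients, caches and logs recognise the refusal.
                filterContext.Result = new ContentResult { Content = "权限不足" };
            }
        }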
    }

    HomeController进行修改:

    using AuthDemo.Models;
    using System.Web;
    using System.Web.Mvc;
    
    namespace AuthDemo.Controllers
    {
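        /// <summary>
        /// Demo controller: every action goes through <c>AuthorizeFilter</c> unless it
        /// is marked <c>[AllowAnonymous]</c>.
        /// </summary>
        [AuthorizeFilter]
        public class HomeController : Controller
        {
            /// <summary>Home page, reachable without the demo cookie.</summary>
            [AllowAnonymous]   // exempts this action from AuthorizeFilter
            public ActionResult Index()
            {
                return View();
            }

            /// <summary>About page; requires the demo cookie.</summary>
            public ActionResult About()
            {
                ViewBag.Message = "Your application description page.";

                return View();
            }

            /// <summary>Contact page; requires the demo cookie.</summary>
            public ActionResult Contact()
            {
                ViewBag.Message = "Your contact page.";

                return View();
            }

            /// <summary>
            /// Demo stand-in for a login: hands the <c>auth=true</c> cookie to any
            /// caller without checking credentials.
            /// </summary>
            /// <remarks>
            /// SECURITY: a real login would verify credentials and issue a
            /// server-validated ticket instead of a constant the client can type in.
            /// </remarks>
            [AllowAnonymous]
            public ActionResult Auth()
            {
                Response.Cookies.Remove("auth");

                // HttpOnly keeps page script from reading the cookie.
                // NOTE(review): also set Secure = true once the site is served over HTTPS.
                HttpCookie marker = new HttpCookie("auth", "true") { HttpOnly = true };
                Response.Cookies.Add(marker);
                return Content("cookie设置成功");
            }

            /// <summary>Returns "拥有权限" once the filter has let the request through.</summary>
            public ActionResult TestAuth()
            {
                return Content("拥有权限");
            }
        }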
    }

    一开始访问TestAuth方法显示的是权限不足,访问Auth方法后再访问TestAuth方法则显示拥有权限。

    如果不想用系统自带的AllowAnonymous类也可以自定义类。比如AuthorizeFilterAttribute修改成:

    using System.Web.Mvc;
    
    namespace AuthDemo.Models
    {
    
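        /// <summary>
        /// Action filter that lets a request through only when it carries the demo
        /// cookie <c>auth=true</c>, unless the action or its controller is marked
        /// with <see cref="NoAuthRequireAttribute"/>.
        /// </summary>
        /// <remarks>
        /// This version does not look at <c>[AllowAnonymous]</c>. An action must
        /// carry <c>[NoAuthRequire]</c> to be exempt.
        /// SECURITY: the cookie is read straight from the request, so its value is
        /// whatever the client chooses to send. It shows how the filter is wired up
        /// but is not an access-control decision. A real filter should rely on an
        /// identity the server issued and validates (for example
        /// <c>filterContext.HttpContext.User</c>).
        /// </remarks>
        public class AuthorizeFilterAttribute : ActionFilterAttribute
        {
            /// <summary>
            /// Short-circuits the action with a "权限不足" response when the request is
            /// neither exempt nor carrying the demo cookie.
            /// </summary>
            /// <param name="filterContext">Context of the action about to run.</param>
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
                base.OnActionExecuting(filterContext);

                // The exemption check is still required with a custom marker class:
                // the framework does nothing with the marker on its own. Both the
                // action and its controller are checked.
                ActionDescriptor action = filterContext.ActionDescriptor;
                bool isExempt =
                    action.IsDefined(typeof(NoAuthRequireAttribute), true) ||
                    action.ControllerDescriptor.IsDefined(typeof(NoAuthRequireAttribute), true);
                if (isExempt)
                {
                    return;
                }

                // Client-controlled value: see the SECURITY remark on the class.
                string auth = filterContext.HttpContext.Request.Cookies["auth"]?.Value;
                if (string.Equals(auth, "true"))
                {
                    return;
                }

                // NOTE(review): ContentResult does not set a status code, so the denial
                // goes out with the response's existing status (normally 200). A 401/403
                // result would let clients, caches and logs recognise the refusal.
                filterContext.Result = new ContentResult { Content = "权限不足" };
            }
        }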
    
    
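        /// <summary>
        /// Marker attribute: <see cref="AuthorizeFilterAttribute"/> skips its cookie
        /// check for any action that carries it.
        /// </summary>
        /// <remarks>
        /// The class needs no members of its own. An override that only forwards to
        /// the base <c>OnActionExecuting</c> adds nothing, so none is declared.
        /// NOTE(review): a marker could derive from <c>System.Attribute</c> directly.
        /// The <see cref="ActionFilterAttribute"/> base is kept so that existing
        /// usages are unaffected.
        /// </remarks>
        public class NoAuthRequireAttribute : ActionFilterAttribute
        {
        }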
    }

    HomeController改成:

    using AuthDemo.Models;
    using System.Web;
    using System.Web.Mvc;
    
    namespace AuthDemo.Controllers
    {
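        /// <summary>
        /// Demo controller: every action goes through <c>AuthorizeFilter</c> unless it
        /// is marked <c>[NoAuthRequire]</c>.
        /// </summary>
        [AuthorizeFilter]
        public class HomeController : Controller
        {
            /// <summary>Home page, reachable without the demo cookie.</summary>
            // The filter in this variant tests for NoAuthRequireAttribute only, so
            // [AllowAnonymous] would leave this action behind the cookie check.
            [NoAuthRequire]
            public ActionResult Index()
            {
                return View();
            }

            /// <summary>About page; requires the demo cookie.</summary>
            public ActionResult About()
            {
                ViewBag.Message = "Your application description page.";

                return View();
            }

            /// <summary>Contact page; requires the demo cookie.</summary>
            public ActionResult Contact()
            {
                ViewBag.Message = "Your contact page.";

                return View();
            }

            /// <summary>
            /// Demo stand-in for a login: hands the <c>auth=true</c> cookie to any
            /// caller without checking credentials.
            /// </summary>
            /// <remarks>
            /// SECURITY: a real login would verify credentials and issue a
            /// server-validated ticket instead of a constant the client can type in.
            /// </remarks>
            [NoAuthRequire]
            public ActionResult Auth()
            {
                Response.Cookies.Remove("auth");

                // HttpOnly keeps page script from reading the cookie.
                // NOTE(review): also set Secure = true once the site is served over HTTPS.
                HttpCookie marker = new HttpCookie("auth", "true") { HttpOnly = true };
                Response.Cookies.Add(marker);
                return Content("cookie设置成功");
            }

            /// <summary>Returns "拥有权限" once the filter has let the request through.</summary>
            public ActionResult TestAuth()
            {
                return Content("拥有权限");
            }
        }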
    }

    同样可以实现。

  • 原文地址:https://www.cnblogs.com/axel10/p/8629383.html