首先是拦截器
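/// <summary>
/// Action filter that requires a signed-in user and, for most routes, a matching entry in the
/// permission list stored at login (<see cref="OperSession.UserAuthority"/>).
/// Decorate an action with <c>[AuthLogin(false)]</c> to exempt it from the check.
/// </summary>
public class AuthLoginAttribute : ActionFilterAttribute
{
    /// <summary>When false the filter does nothing for the decorated action.</summary>
    public bool IsLogin = true;

    /// <summary>Requires login (and a permission entry) for the decorated action.</summary>
    public AuthLoginAttribute()
    {
        IsLogin = true;
    }

    /// <summary>Requires login only when <paramref name="islogin"/> is true.</summary>
    /// <param name="islogin">False to exempt the action from the login/permission check.</param>
    public AuthLoginAttribute(bool islogin)
    {
        IsLogin = islogin;
    }

    /// <summary>
    /// Checks login state and permissions before the action runs. On failure it sets
    /// <see cref="ActionExecutingContext.Result"/> so the action itself never executes.
    /// </summary>
    /// <param name="filterContext">The MVC action context.</param>
    /// <exception cref="InvalidOperationException">
    /// The decorated controller does not derive from <c>UserBaseController</c>, which carries the login flag.
    /// </exception>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Exempt actions opt out entirely.
        if (!IsLogin)
        {
            return;
        }

        const string loginUrl = "/Home/Login";
        var request = filterContext.HttpContext.Request;

        // Previous page, used as the "back" target of the no-authority page; falls back to the login page.
        string refUrl = request.UrlReferrer != null ? request.UrlReferrer.ToString() : loginUrl;

        // Route names are identifiers, not user-facing text, so lower-case them culture-invariantly.
        string controlName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLowerInvariant();
        string actionName = filterContext.ActionDescriptor.ActionName.ToLowerInvariant();
        bool isChildAction = filterContext.IsChildAction;
        bool isAjax = request.IsAjaxRequest();

        // The login flag lives on UserBaseController; for any other controller the filter cannot decide,
        // so fail closed with a clear configuration error instead of a NullReferenceException.
        UserBaseController controller = filterContext.Controller as UserBaseController;
        if (controller == null)
        {
            throw new InvalidOperationException(
                "AuthLoginAttribute requires the controller to derive from UserBaseController.");
        }

        if (!controller.IsLogin)
        {
            if (isAjax)
            {
                // Ajax callers get a JSON body rather than a redirect to an HTML login page.
                // NOTE(review): JsonResult denies GET by default, so an Ajax GET from a logged-out user
                // fails with an exception instead of this body — confirm whether AllowGet is wanted here.
                filterContext.Result = new JsonResult
                {
                    Data = new BaseResponse<object> { ErrorCode = 500, Message = "请先登录!", Data = "need login" }
                };
            }
            else if (isChildAction)
            {
                // A child action cannot redirect; render a plain message into the parent view.
                filterContext.Result = new ContentResult() { Content = "请先登录!" };
            }
            else
            {
                filterContext.Result = new RedirectResult(loginUrl);
            }
            return;
        }

        // Permission check for a signed-in user.
        var userAuthority = OperSession.UserAuthority;
        // NOTE(review): the back= value comes from the Referer header; the NoAuthorityUser action should
        // treat it as untrusted and only honour local paths — confirm there.
        string noAuth = "/Home/NoAuthorityUser?back=" + HttpUtility.UrlEncode(refUrl);
        if (userAuthority == null || userAuthority.Count == 0)
        {
            filterContext.Result = new RedirectResult(noAuth);
            return;
        }

        string route = "/" + controlName + "/" + actionName;
        // Routes every signed-in user may reach without a permission entry.
        // NOTE(review): every Ajax request is also exempt from the per-action permission check below and is
        // gated by login state only — confirm that this is intended for all Ajax-served actions.
        if (isAjax
            || route == "/home/index"
            || route == "/home/login"
            || route == "/admin/userprofile"
            || route == "/admin/index")
        {
            return;
        }

        // The user must hold an entry whose controller/action pair matches the requested route.
        bool hasPermission = userAuthority.Exists(a =>
            string.Equals(a.Action, actionName, StringComparison.OrdinalIgnoreCase)
            && string.Equals(a.Controller, controlName, StringComparison.OrdinalIgnoreCase));
        if (!hasPermission)
        {
            filterContext.Result = new RedirectResult(noAuth);
        }
    }
}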
登录验证代码
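/// <summary>
/// Validates a user name / password pair, loads the user's permission catalogue and stores the
/// signed-in user and permissions in the session (<c>OperSession</c>).
/// </summary>
/// <param name="uName">Login name.</param>
/// <param name="uPwd">Password as entered, or its MD5 hash when <paramref name="isMD5"/> is false.</param>
/// <param name="uIP">Client IP address, recorded on the signed-in user.</param>
/// <param name="sessionID">Current session id, recorded on the signed-in user.</param>
/// <param name="isMD5">True to MD5-hash <paramref name="uPwd"/> before the lookup; false when the caller already passes a hash.</param>
/// <returns>
/// A <c>LoginResult</c> whose <c>ResultType</c> is 1 on success and 0 on any failure, with a user-facing message.
/// </returns>
public LoginResult ValidateLogin(string uName, string uPwd, string uIP, string sessionID, bool isMD5 = true)
{
    // Missing credentials can never match; answer with the same message as a wrong password so the
    // response does not reveal which part was missing.
    if (string.IsNullOrEmpty(uName) || string.IsNullOrEmpty(uPwd))
    {
        return new LoginResult() { Message = "账号或密码错误。", ResultType = 0 };
    }

    // NOTE(review): passwords are compared as unsalted MD5 (Crypt_MD5_Encode). That is the stored format,
    // so it cannot be changed here alone — plan a migration to a salted, slow hash (PBKDF2/Argon2).
    string pwdMd5 = isMD5 ? uPwd.Crypt_MD5_Encode(32) : uPwd;

    VUser loginUser = GetUser(uName, pwdMd5);
    if (loginUser == null)
    {
        return new LoginResult() { Message = "账号或密码错误。", ResultType = 0 };
    }
    if (!loginUser.IsEnable)
    {
        return new LoginResult() { Message = "账号已禁用,请联系管理员。", ResultType = 0 };
    }

    // Resolve the permission catalogue; a user with no permission ids gets an empty list and is rejected.
    var urCatalogue = loginUser.Permissions.IsNullOrEmpty()
        ? new List<VPermission>()
        : PermissionBll.GetIntence().GetUserCatalog(loginUser.Permissions);
    if (urCatalogue.Count == 0)
    {
        return new LoginResult() { Message = "该登录用户没有权限。", ResultType = 0 };
    }

    // Data (project) permissions are stored as JSON on the user record.
    loginUser.ProjPermissions = loginUser.DataPermissions.IsNullOrEmpty()
        ? new List<DataPermission>()
        : loginUser.DataPermissions.ToObjectFromJson<List<DataPermission>>();

    // Persist permissions and the signed-in user for the rest of the session.
    // NOTE(review): the session id is recorded but not regenerated here; confirm the caller issues a
    // fresh session on successful login.
    OperSession.UserAuthority = urCatalogue.ToList();
    loginUser.LoginSessionID = sessionID;
    loginUser.LoginIP = uIP;
    Helper.OperSession.UserInfo = loginUser;
    return new LoginResult() { Message = "登录成功。", ResultType = 1 };
}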
/// <summary>
/// Session-backed storage for the signed-in back-office user and the permission list loaded at login.
/// Both properties read and write the current request's session through <c>HttpContext.Current</c>.
/// NOTE(review): there is no guard for a missing current context (e.g. outside a request) — confirm callers.
/// </summary>
public class OperSession
{
    /// <summary>
    /// The signed-in user, or null when nothing (or a value of another type) is stored under
    /// <c>ConstVar.UserSessionKey</c>.
    /// </summary>
    public static VUser UserInfo
    {
        get { return HttpContext.Current.Session[ConstVar.UserSessionKey] as VUser; }
        set { HttpContext.Current.Session[ConstVar.UserSessionKey] = value; }
    }

    /// <summary>
    /// Permission entries of the signed-in user, or null when nothing (or a value of another type)
    /// is stored under <c>ConstVar.UserAuthorityKey</c>.
    /// </summary>
    public static List<VPermission> UserAuthority
    {
        get { return HttpContext.Current.Session[ConstVar.UserAuthorityKey] as List<VPermission>; }
        set { HttpContext.Current.Session[ConstVar.UserAuthorityKey] = value; }
    }
}
/// <summary>
/// Plain response envelope returned to clients (for example as the body of a JSON result).
/// </summary>
public class BaseResponse
{
    /// <summary>Whether the request succeeded.</summary>
    public bool Success { get; set; }

    /// <summary>Application error code; meaning is defined by the caller.</summary>
    public int ErrorCode { get; set; }

    /// <summary>User-facing message.</summary>
    public string Message { get; set; }

    /// <summary>Optional payload.</summary>
    public object Data { get; set; }
}