zoukankan      html  css  js  c++  java
  • ASP.NET MVC自定义验证Authorize Attribute

    前几天Insus.NET有在数据库实现过对某一字段进行加密码与解密《使用EncryptByPassPhrase和DecryptByPassPhrase对MS SQLServer某一字段时行加密和解密http://www.cnblogs.com/insus/p/5983645.html

    那今次Insus.NET在ASP.NET MVC实现自定义验证Authorize Attribute。

    实现之前,Insus.NET对usp_Users_VeryLoginVerify修改一下,改为更好理解与使用:

    SET ANSI_NULLS ON
    GO
    SET QUOTED_IDENTIFIER ON
    GO
    ALTER PROCEDURE [dbo].[usp_Users_VeryLoginVerify]
    (
        @U_nbr NVARCHAR(20),
        @pwd NVARCHAR(100)
    )
    AS
    BEGIN    
        DECLARE @errmsg NVARCHAR(50) = N'用户名或密码错误。'
    
        IF NOT EXISTS(SELECT TOP 1 1 FROM [dbo].[Users] WHERE [U_nbr] = @U_nbr)
        BEGIN    
            RAISERROR(@errmsg,16,1)
            RETURN
        END
            
        SELECT [U_nbr] AS [Account] FROM [dbo].[Users] WHERE [U_nbr] = @U_nbr AND CONVERT(NVARCHAR(100),DECRYPTBYPASSPHRASE('insus#sec!%y',[Pwd]))  = @pwd  
    
        IF @@ROWCOUNT <= 0
        BEGIN    
            RAISERROR(@errmsg,16,1)
            RETURN
        END
    END
    Source Code

    OK,上面是数据库方面。
    接下你需要在ASP.NET MVC写程序:

    使用Cookie来存储登录以及验证信息,写一个Cookie类别:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    
    namespace Insus.NET.Utilities
    {
        public abstract class CookieBase
        {
            private static HttpResponse Response
            {
                get
                {
                    return HttpContext.Current.Response;
                }
            }
            
            private static HttpRequest Request
            {
                get
                {
                    return HttpContext.Current.Request;
                }
            }
    
            public static HttpCookie Cookie
            {
                get
                {
                    return Request.Cookies["CookieBase"] as HttpCookie;
                }
                set
                {
                    if (Request.Cookies["CookieBase"] != null)
                    {
                        Request.Cookies.Remove("CookieBase");
                    }
                    Response.Cookies.Add(value);
                }
            }
    
            public static HttpCookie NewCookie
            {
                get
                {
                    return new HttpCookie("CookieBase");
                }
            }
    
            public static void RemoveCookie()
            {
                if (Cookie == null)
                    Response.Cookies.Remove("CookieBase");
                else
                    Response.Cookies["CookieBase"].Expires = DateTime.Now.AddDays(-1);
            }       
        }
    }
    Source Code

     
    其实上面这个CookeBase.cs是一个能存储多对象的集合类。在真正的程序中,你想存储什么信息,可以写一个如下面的类来操作:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Web;
    
    namespace Insus.NET.Utilities
    {
       public class SecurityBase
        {
            public static bool IsAuthorized
            {
                get
                {
                    return CookieBase.Cookie == null ? false : bool.Parse(CookieBase.Cookie.Values["IsAuthorized"]);
                }
                set
                {
                    HttpCookie httpCookie = CookieBase.Cookie == null ? CookieBase.NewCookie : CookieBase.Cookie;
                    httpCookie.Values["IsAuthorized"] = value.ToString();
                    CookieBase.Cookie = httpCookie;
                }
            }
    
            public static string UserName
            {
                get
                {
                    return CookieBase.Cookie == null ? string.Empty : CookieBase.Cookie.Values["UserName"];
                }
                set
                {
                    HttpCookie httpCookie = CookieBase.Cookie == null ? CookieBase.NewCookie : CookieBase.Cookie;
                    httpCookie.Values["UserName"] = value;
                    CookieBase.Cookie = httpCookie;
                }
            }
    
            public static void RemoveCooke()
            {
                CookieBase.RemoveCookie();
            }
        }
    }
    Source Code


    接下来,我们需要创建一个验证过滤器:


    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Web;
    using System.Web.Mvc;
    using Insus.NET.Utilities;
    using System.Web.Routing;
    
    namespace Insus.NET.Attributes
    {
        public class SecurityAuthorizeAttribute : AuthorizeAttribute
        {
            protected override bool AuthorizeCore(HttpContextBase httpContext)
            {
                return SecurityBase.IsAuthorized;
            }
    
            public override void OnAuthorization(AuthorizationContext filterContext)
            {
                string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
                string actionName = filterContext.ActionDescriptor.ActionName;           
                base.OnAuthorization(filterContext);
            }
    
            protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
            {
                var routeValue = new RouteValueDictionary {
                    { "Controller", "Home"},
                    { "Action", "Index"}
                };
                filterContext.Result = new RedirectToRouteResult(routeValue);
            }
        }
    }
    Source Code

     
    这个过滤器SecurityAuthorizeAttribute.cs,稍后我们会在控制器中应用到它。

    接下你需要写控制器了,不,我们似乎少写了一些物件,如model和Entity:

    Models写好,还差一个Entity,这个实体是与数据连接的物件:

    在ASP.NET MVC中,实现登录验证的演示,最少需要两个控制器,一个是给匿名用户访问的,它包含普通的页面和一些基本的操作。另一个控制器是经过验证通过之后才能访问的页面。

    另一个控制器:

    最后是创建视图了:

    @{
        Layout = null;
    }
    
    <!DOCTYPE html>
    
    <html>
    <head>
        <meta name="viewport" content="width=device-width" />
        <title>Index</title>
    
        <style type="text/css">
            #logincontact label {
                display: inline-block;
                width: 100px;
                text-align: right;
            }
    
            #logincontact_submit {
                padding-left: 100px;
            }
    
            #logincontact div {
                margin-top: 1em;
            }
    
            .error {
                display: none;
                margin-left: 10px;
            }
    
            .error_show {
                color: red;
                margin-left: 10px;
            }
    
            input.invalid {
                border: 2px solid red;
            }
    
            input.valid {
                border: 2px solid green;
            }
        </style>
    
        <script src="~/Scripts/jquery-2.2.1.js"></script>
    
        <script type="text/javascript">
            ////<![CDATA[
            $(document).ready(function () {
                $('#logincontact_Account').on('input', function () {
                    var input = $(this);
                    var is_Account = input.val();
                    if (is_Account) {
                        input.removeClass("invalid").addClass("valid");
                    }
                    else {
                        input.removeClass("valid").addClass("invalid");
                    }
                });
    
    
                $('#logincontact_Password').on('input', function () {
                    var input = $(this);
                    var is_Password = input.val();
                    if (is_Password) {
                        input.removeClass("invalid").addClass("valid");
                    }
                    else {
                        input.removeClass("valid").addClass("invalid");
                    }
                });
    
    
                $('#ButtonSignIn').click(function (event) {
                    var form_data = $("#logincontact").serializeArray();
                    var error_free = true;
                    for (var input in form_data) {
                        var element = $("#logincontact_" + form_data[input]['name']);
                        var valid = element.hasClass("valid");
                        var error_element = $("span", element.parent());
    
                        if (!valid) {
                            error_element.removeClass("error").addClass("error_show");
                            error_free = false;
                        }
                        else {
                            error_element.removeClass("error_show").addClass("error");
                        }
                    }
    
                    if (!error_free) {
                        event.preventDefault();
                    }
                    else {
                        var obj = {};
                        obj.Account = $('#logincontact_Account').val(),
                        obj.Password = $('#logincontact_Password').val()
    
                        $.ajax({
                            type: 'POST',
                            url: '/Home/LoginVerify',
                            dataType: 'json',
                            data: JSON.stringify(obj),
                            contentType: 'application/json; charset=utf-8',
                            success: function (data, textStatus) {
                                alert("登录成功。");
                                window.location.href = "/User/Index";
                            },
                            error: function (XMLHttpRequest, textStatus, errorThrown) {
                                alert(errorThrown);
                            },
                        });
                    }
                });
            });
            //]]>
        </script>
    </head>
    <body>
        <form id="logincontact" method="post" action="">
            <div>
                <label for="logincontact_Account">Account:</label>
                <input type="text" id="logincontact_Account" name="Account" />
                <span class="error">This account field is required.</span>
            </div>
            <div>
                <label for="logincontact_Password">Password:</label>
                <input type="password" id="logincontact_Password" name="Password" />
                <span class="error">This password field is required.</span>
            </div>
            <div id="logincontact_submit">
                <input id="ButtonSignIn" type="button" value="Sign In" />
            </div>
        </form>
    </body>
    </html>
    Source Code

    还有一个:

    @{
        Layout = null;
    }
    
    <!DOCTYPE html>
    <html>
    <head>
        <meta name="viewport" content="width=device-width" />
        <title>Index</title>
        <script src="~/Scripts/jquery-2.2.1.js"></script>
    
        <script type="text/javascript">
            ////<![CDATA[
            $(document).ready(function () {
    
                $('#ButtonSignOut').click(function (event) {
                    $.ajax({
                        type: 'POST',
                        url: '/Home/SignOut',                                  
                        contentType: 'application/json; charset=utf-8',
                        success: function (data, textStatus) {
                            alert("已经安全退出网站。");
                            window.location.href = "/Home/Index";
                        },
                        error: function (XMLHttpRequest, textStatus, errorThrown) {
                            alert(errorThrown);
                        },
                    });
                });
            });
            //]]>
        </script>
    </head>
    <body>
        <div>
            Hi @ViewBag.UserName
            <br />
            <input id="ButtonSignOut" type="button" value="Sign Out" />
        </div>
    </body>
    </html>
    Source Code


    结束了,来一个实时演示吧:

  • 相关阅读:
    07微博绑定用户接口(我们的约定还算数嘛。)
    08vue 微博回调空页面(最终还是没能留住你。)
    06vue微博回调空页面 (你还会来嘛)
    05微博回调接口 (念念不忘,必有回响吗。)
    04vue获取微博授权url(再也得不到你了。)
    03生成微博授权的url接口(再也没有你了)
    02微博开放平台使用方法 (在哪也不会再遇见你了。)
    01微博三方登录原理讲解(再多三方登录,也看不到你的信息。)
    Django-celery异步短信验证码(0)
    Django之重写用户表注册接口(redis缓存)
  • 原文地址:https://www.cnblogs.com/insus/p/5994942.html
Copyright © 2011-2022 走看看