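ASP.NET MVC provides Filters, which run filtering logic before or after an action method is invoked, much like aspect-oriented programming (AOP).
This article has also been added to the "Asp.net Vnext Series Tutorial".
This chapter mainly covers AuthorizeAttribute.
The Authorize attribute performs declarative authorization checks on controller actions.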
Sample code
Startup class

    services.ConfigureAuthorization(options =>
    {
        // Add a policy
        options.AddPolicy("Api-Manager", policy =>
        {
            // Add the name of the authentication scheme
            policy.ActiveAuthenticationSchemes.Add("Api");
            // Create the Claim requirement for the policy
            policy.RequireClaim("Permission", "CanViewPage");
        });
    });

    public void Configure(IApplicationBuilder app)
    {
        // Add the middleware
        app.UseMiddleware<AuthorizeBasicMiddleware>("Api");
    }
Middleware

    public class AuthorizeBasicMiddleware : AuthenticationMiddleware<BasicOptions>
    {
        public AuthorizeBasicMiddleware(
            RequestDelegate next,
            IOptions<BasicOptions> options,
            string authScheme) :
            // authScheme must be "Api" here
            base(next, options,
                new ConfigureOptions<BasicOptions>(o => o.AuthenticationScheme = authScheme)
                {
                    Name = authScheme
                })
        {
        }

        protected override AuthenticationHandler<BasicOptions> CreateHandler()
        {
            // Create a new authentication handler
            return new BasicAuthenticationHandler();
        }
    }
Authentication handler class

    public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
    {
        protected override void ApplyResponseChallenge()
        {
            // Redirect when verification fails
            // this.Response.Redirect("http://baidu.com");
        }

        protected override void ApplyResponseGrant()
        {
            // Clear cookies when verification fails
            //this.Response.Cookies.Delete("11");
        }

        protected override AuthenticationTicket AuthenticateCore()
        {
            // Demo only: the ticket is issued without checking any credentials on the request
            var principal = new ClaimsPrincipal();
            // Add the Claim
            principal.AddIdentity(new ClaimsIdentity(
                new Claim[]
                {
                    new Claim("Permission", "CanViewPage"),
                },
                Options.AuthenticationScheme));
            // Return a ticket
            return new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
        }
    }
Controller

    public class AuthorizeUserController : Controller
    {
        // The policy name identifies the policy to apply
        [Authorize("Api-Manager")]
        public string ApiManagers()
        {
            return "Hello World!";
        }
    }
Now we modify the authentication handler class:

    public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
    {
        protected override void ApplyResponseChallenge()
        {
            // Redirect when verification fails
            this.Response.Redirect("http://baidu.com");
        }

        protected override void ApplyResponseGrant()
        {
            // Clear cookies when verification fails
            //this.Response.Cookies.Delete("11");
        }

        protected override AuthenticationTicket AuthenticateCore()
        {
            var principal = new ClaimsPrincipal();
            // Add the Claim
            principal.AddIdentity(new ClaimsIdentity(
                new Claim[]
                {
                    new Claim("Permission", "CanViewPage1"),
                },
                Options.AuthenticationScheme));
            // Return a ticket
            return new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
        }
    }
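The ticket produced by the authentication handler no longer contains a matching Claim, so the check fails and the request is redirected to Baidu.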
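To show why the second handler is rejected, here is an added example (not from the original article or the ASP.NET project) that models the "Api-Manager" policy check using only System.Security.Claims. The class and helper names and the matching rules in IsAuthorized are assumptions of this sketch, not the framework's own code.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class ApiManagerPolicyDemo
{
    // Values taken from the "Api-Manager" policy registered in the startup class.
    const string ActiveScheme = "Api";
    const string RequiredType = "Permission";
    const string RequiredValue = "CanViewPage";

    // Constructed ticket: one identity carrying one Permission claim,
    // shaped like the principal built in AuthenticateCore().
    static ClaimsPrincipal Ticket(string scheme, string permission) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(RequiredType, permission) }, scheme));

    // Assumed model of the policy check: only identities produced by the
    // policy's active scheme count, and the claim value must match exactly
    // (ClaimsIdentity.HasClaim compares the value case-sensitively).
    static bool IsAuthorized(ClaimsPrincipal user) =>
        user.Identities
            .Where(i => i.IsAuthenticated && i.AuthenticationType == ActiveScheme)
            .Any(i => i.HasClaim(RequiredType, RequiredValue));

    static void Main()
    {
        // Constructed sample tickets, not captured from a real request.
        var cases = new (string Label, ClaimsPrincipal User)[]
        {
            ("first handler  (CanViewPage)",  Ticket("Api", "CanViewPage")),
            ("second handler (CanViewPage1)", Ticket("Api", "CanViewPage1")),
            ("wrong case     (canviewpage)",  Ticket("Api", "canviewpage")),
            ("other scheme   (Cookies)",      Ticket("Cookies", "CanViewPage")),
            ("no identity",                   new ClaimsPrincipal()),
        };

        foreach (var (label, user) in cases)
        {
            // A failed check is what leads to ApplyResponseChallenge() and the redirect.
            Console.WriteLine($"{label,-32} -> {(IsAuthorized(user) ? "allow" : "challenge")}");
        }
    }
}
```

Only the first ticket is allowed; a near-miss value, a value differing in case, a claim issued under another scheme, and an empty principal all end in a challenge.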
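A brief introduction to the filters, which most readers probably already know:
IExceptionFilter: exception filter
IActionFilter: action filter
IResultFilter: result filter
AuthorizationFilterAttribute: authorization filter
Register global filters in the startup class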

    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new GlobalExceptionFilter());
        options.Filters.Add(new GlobalActionFilter());
        options.Filters.Add(new GlobalResultFilter());
        options.Filters.Add(new GlobalAuthorizationFilter());
    });

Asp.net vnext documentation
http://mvc.readthedocs.org/en/latest/index.html