AuthorizeAttribute
AuthorizeAttribute 这个Filter实现了IAuthorization这个接口,是Asp.Net MVC提供的认证和授权功能的实现,要实现自己的认证和授权功能
只需要继承AuthorizeAttribute,然后覆盖它的方法就可以了 .
public class MyAuthAttribute : AuthorizeAttribute
{
...
...
}
{
...
...
}
首先重写 AuthorizeAttribute的OnAuthorization 方法,代码如下:
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!AuthorizeCore(filterContext.HttpContext))
{
HandleUnauthorizedRequest(filterContext);
}
else
{
filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
//HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
//cachePolicy.SetProxyMaxAge(new TimeSpan(0));
//cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
}
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!AuthorizeCore(filterContext.HttpContext))
{
HandleUnauthorizedRequest(filterContext);
}
else
{
filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
//HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
//cachePolicy.SetProxyMaxAge(new TimeSpan(0));
//cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
}
AuthorizeAttribute的OnAuthorization方法内部调用了AuthorizeCore方法,这个方法是实现验证和授权逻辑的地方,如果这个方法返回true,
表示授权成功,如果返回false, 表示授权失败, 会给上下文设置一个HttpUnauthorizedResult,这个ActionResult执行的结果是向浏览器返回
一个401状态码(未授权),但是返回状态码没什么意思,通常是跳转到一个登录页面,可以重写AuthorizeAttribute的
HandleUnauthorizedRequest 方法 :
View Code 
protected override void HandleUnauthorizedRequest(AuthorizationContext context)
{
if (context == null)
{
throw new ArgumentNullException("filterContext");
}
else
{
string path = context.HttpContext.Request.Path;
string strUrl = "/Account/LogOn?returnUrl={0}";
context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);
}
}
{
if (context == null)
{
throw new ArgumentNullException("filterContext");
}
else
{
string path = context.HttpContext.Request.Path;
string strUrl = "/Account/LogOn?returnUrl={0}";
context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);
}
}
如果考虑到缓存的情况,可以有两种方法解决 注:第一种方法没试成功,第二种成功了
1】】
OnAuthorization 中注释的部分
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
回调函数CacheValidateHandler
private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
{
validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
}
{
validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
}
最终调用 OnCacheAuthorization ,然后重写 OnCacheAuthorization
protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
{
return HttpValidationStatus.Invalid;
}
{
return HttpValidationStatus.Invalid;
}
2】】
直接在 OnAuthorization 中设置
filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
解决缓存问题。