zoukankan      html  css  js  c++  java

  • MVC中使用AuthorizeAttribute做身份验证操作

    代码顺序为:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest


    假设AuthorizeCore返回false时,才会走HandleUnauthorizedRequest 方法,而且Request.StausCode会返回401,401错误又相应了Web.config中

    <authentication mode="Forms">
          <forms loginUrl="~/" timeout="2880" />
        </authentication>

    全部,AuthorizeCore==false 时,会跳转到 web.config 中定义的  loginUrl="~/"

     public class CheckLoginAttribute : AuthorizeAttribute
        {

            protected override bool AuthorizeCore(HttpContextBase httpContext)        {
                bool Pass = false;
                if (!CheckLogin.AdminLoginCheck())
                {
                    httpContext.Response.StatusCode = 401;//无权限状态码
                    Pass = false;
                }
                else
                {
                    Pass = true;
                }

                return Pass;
            }

          

            protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
            {


                if(filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    if (!App.AppService.IsLogon)
                    {

                        filterContext.Result = new JsonResult
                                                   {
                                                       Data = new {IsSuccess = false, Message = "不好意思,登录超时,请又一次登录再操作!"},
                                                       JsonRequestBehavior = JsonRequestBehavior.AllowGet
                                                   };
                        return;
                    }
                }
                if (App.AppService.IsLogon)
                {
                    return;
                }

                base.HandleUnauthorizedRequest(filterContext);
                if (filterContext.HttpContext.Response.StatusCode == 401)
                {
                    filterContext.Result = new RedirectResult("/");
                }
            }
          

         
        }


     

    AuthorizeAttribute的OnAuthorization方法内部调用了AuthorizeCore方法,这种方法是实现验证和授权逻辑的地方,假设这种方法返回true,


       表示授权成功,假设返回false, 表示授权失败, 会给上下文设置一个HttpUnauthorizedResult,这个ActionResult运行的结果是向浏览器返回


       一个401状态码(未授权),可是返回状态码没什么意思,一般是跳转到一个登录页面,能够重写AuthorizeAttribute的

       HandleUnauthorizedRequest
    protected override void HandleUnauthorizedRequest(AuthorizationContext context)
            {
                if (context == null)
                {
                    throw new ArgumentNullException("filterContext");
                }
                else
                {
                    string path = context.HttpContext.Request.Path;
                    string strUrl = "/Account/LogOn?returnUrl={0}";
                   
                    context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true);
                   
                }
               
            }

     
  • 相关阅读:
    wordpress wp_head()函数 浏览器顶部 空白28px 解决办法
    Google Code Project中文翻译
    PNY 必恩威 4G U盘 量产
    Ubuntu安装软件方法图文指南教程
    Web开发人员必须学习的5门课程
    正则表达式
    5个音乐伴奏下载网站推荐
    卸载“一键还原精灵”后,如何删除其备份的g.文件夹?
    常用开源协议详细解析
    零命令玩转Ubuntu 8.10(准备篇)
  • 原文地址:https://www.cnblogs.com/mengfanrong/p/4326538.html
Copyright © 2011-2022 走看看