  • ASP.NET MVC权限验证 封装类

    写该权限类主要目地

    为了让权限配置更加的灵活,可以根据SQL、json、或者XML的方式来动态进行页面的访问控制,以及没有权限的相关跳转。

    使用步骤

    1、要建一个全局过滤器

       //授权过滤器
        /// <summary>
        /// Global authorization filter. Overriding <see cref="AuthorizeAttribute.OnAuthorization"/>
        /// without calling the base implementation replaces the attribute's built-in
        /// authenticated-user / Users / Roles check, so with this empty body no request is denied;
        /// the SystemAuthorizeService.Start call added in step 3 is what enforces access.
        /// </summary>
        public class AuthorizeFilter : AuthorizeAttribute
        {
            /// <summary>Authorization hook; intentionally empty in this skeleton.</summary>
            /// <param name="filterContext">Authorization context of the current request.</param>
            public override void OnAuthorization(AuthorizationContext filterContext)
            { 
            }
       }
    

      

    2、在 Global.asax 里注册 GlobalFilters.Filters.Add(new AuthorizeFilter()); 以启用该全局过滤器

        /// <summary>
        /// Application start-up: registers areas, Web API configuration, the global MVC filters,
        /// routes and bundles. The AuthorizeFilter is added to GlobalFilters before FilterConfig
        /// runs, so it is in the global filter collection for every MVC request.
        /// NOTE(review): MVC GlobalFilters do not apply to Web API controllers configured through
        /// GlobalConfiguration; those need their own filter registration.
        /// </summary>
        protected void Application_Start()
            {
                AreaRegistration.RegisterAllAreas();
                GlobalConfiguration.Configure(WebApiConfig.Register);
                // Step 2 of the guide: make AuthorizeFilter a global filter.
                GlobalFilters.Filters.Add(new AuthorizeFilter());
                FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
                RouteConfig.RegisterRoutes(RouteTable.Routes);
                BundleConfig.RegisterBundles(BundleTable.Bundles);
            }
    

      

    3、在过滤器的 OnAuthorization 中调用 SystemAuthorizeService.Start 实现验证

       (1)使用对象进行权限验证




     /// <summary>
     /// Demo authorization hook: builds the permission table and the redirect policy in code
     /// and hands them to <see cref="SystemAuthorizeService.Start"/>. The current user key is
     /// hard-coded to 1 for the demo; a real filter would read it from the session or a cookie.
     /// </summary>
     /// <param name="filterContext">Authorization context of the current request.</param>
     public override void OnAuthorization(AuthorizationContext filterContext)
     {
         // Area level: users 1, 2 and 3 may reach everything under the "admin" area.
         var adminArea = new SystemAuthorizeModel
         {
             SystemAuthorizeType = SystemAuthorizeType.Area,
             AreaName = "admin",
             UserKeyArray = new dynamic[] { 1, 2, 3 }
         };

         // Controller level: users 8 and 7 may reach every action of admin/center.
         var adminCenter = new SystemAuthorizeModel
         {
             SystemAuthorizeType = SystemAuthorizeType.Controller,
             AreaName = "admin",
             ControllerName = "center",
             UserKeyArray = new dynamic[] { 8, 7 }
         };

         // Action level: user 1 may reach home/about (no area).
         var homeAbout = new SystemAuthorizeModel
         {
             SystemAuthorizeType = SystemAuthorizeType.Action,
             ControllerName = "home",
             ActionName = "about",
             UserKeyArray = new dynamic[] { 1 }
         };

         // All: users 100 and 110 may reach every page.
         var everything = new SystemAuthorizeModel
         {
             SystemAuthorizeType = SystemAuthorizeType.All,
             UserKeyArray = new dynamic[] { 100, 110 }
         };

         var rules = new List<SystemAuthorizeModel> { adminArea, adminCenter, homeAbout, everything };

         // Every denied request goes to DefaultUrl; set ItemList for per-page targets.
         var redirectPolicy = new SystemAuthorizeErrorRedirect { DefaultUrl = "/user/login" };

         // Demo only: the current user is always 1 (session/cookie lookup goes here).
         Func<object> currentUserKey = () => 1;

         SystemAuthorizeService.Start(filterContext, rules, redirectPolicy, currentUserKey);
     }
    

      

    
    

    (2)使用JSON转成对象进行验证（JSON 中的 SystemAuthorizeType 为枚举的数值：All=0、Area=1、Controller=2、Action=3）

    [
    {
    "SystemAuthorizeType": 1,
    "AreaName": "admin",
    "ControllerName": "center",
    "ActionName": null,
    "UserKeyArray": [
    1,
    2,
    3
    ]
    },
    {
    "SystemAuthorizeType": 1,
    "AreaName": "admin",
    "ControllerName": "center",
    "ActionName": null,
    "UserKeyArray": [
    8,
    7
    ]
    },
    {
    "SystemAuthorizeType": 3,
    "AreaName": null,
    "ControllerName": "home",
    "ActionName": "about",
    "UserKeyArray": [
    1
    ]
    },
    {
    "SystemAuthorizeType": 0,
    "AreaName": null,
    "ControllerName": null,
    "ActionName": null,
    "UserKeyArray": [
    100,
    110
    ]
    }
    ]



    SystemAuthorizeService代码:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Linq.Expressions;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Routing;
    
    namespace Idea.Models.Filters
    {
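        /// <summary>
        /// System authorization service: decides, per request, whether the current user may reach
        /// the requested area / controller / action and sets a redirect result when not.
        /// Author: sunkaixuan
        /// Date: 2015-10-25
        /// </summary>
        public class SystemAuthorizeService
        {
            /// <summary>
            /// Runs the authorization check for the current request. When a configured entry covers
            /// the requested action, controller or area and the current user's key is listed neither
            /// in a matching entry nor in an <see cref="SystemAuthorizeType.All"/> entry,
            /// <c>filterContext.Result</c> is set to a redirect so the action does not execute.
            /// Requests that match no configured entry are allowed through (fail-open), so every
            /// page that must be protected needs an entry. Name comparison is case-insensitive;
            /// the entries of <paramref name="systemAuthorizeList"/> are also lower-cased in place.
            /// </summary>
            /// <param name="filterContext">Authorization context of the current MVC request.</param>
            /// <param name="systemAuthorizeList">All configured authorization entries.</param>
            /// <param name="errorRediect">Redirect targets used when the user lacks permission.</param>
            /// <param name="GetCurrentUserKey">Returns the current user's key (e.g. the user id).</param>
            /// <exception cref="ArgumentNullException">Any argument is null.</exception>
            public static void Start(AuthorizationContext filterContext, List<SystemAuthorizeModel> systemAuthorizeList, SystemAuthorizeErrorRedirect errorRediect, Func<object> GetCurrentUserKey)
            {
                if (filterContext == null)
                {
                    throw new ArgumentNullException("SystemAuthorizeService.Start.filterContext");
                }
                if (errorRediect == null)
                {
                    throw new ArgumentNullException("SystemAuthorizeService.Start.errorRediect");
                }
                if (systemAuthorizeList == null)
                {
                    throw new ArgumentNullException("SystemAuthorizeService.Start.systemAuthorizeList");
                }
                if (GetCurrentUserKey == null)
                {
                    throw new ArgumentNullException("SystemAuthorizeService.Start.GetCurrentUserKey");
                }

                // Lower-case the configured names in place (kept because callers could observe it).
                // A null name means "not restricted at that level" (e.g. an Action entry without an
                // AreaName) and must stay null instead of throwing NullReferenceException.
                foreach (var it in systemAuthorizeList)
                {
                    if (it == null)
                    {
                        continue;
                    }
                    it.ControllerName = ToLowerOrNull(it.ControllerName);
                    it.ActionName = ToLowerOrNull(it.ActionName);
                    it.AreaName = ToLowerOrNull(it.AreaName);
                }

                // Route values of the current request; areaName stays null outside an area.
                string actionName = ToLowerOrNull(filterContext.ActionDescriptor.ActionName);
                string controllerName = ToLowerOrNull(filterContext.ActionDescriptor.ControllerDescriptor.ControllerName);
                object areaToken = filterContext.RouteData.DataTokens["area"];
                string areaName = areaToken == null ? null : ToLowerOrNull(areaToken.ToString());

                object userKey = GetCurrentUserKey();

                // Does any configured entry cover this request at all?
                bool mustValidate = systemAuthorizeList.Any(it => MatchesAction(it, areaName, controllerName, actionName))
                    || systemAuthorizeList.Any(it => MatchesController(it, areaName, controllerName))
                    || systemAuthorizeList.Any(it => MatchesArea(it, areaName));

                // Is the user granted at any level? An All entry grants everything.
                bool hasPower = IsAllByUserKey(systemAuthorizeList, userKey)
                    || IsActionByUserKey(systemAuthorizeList, areaName, controllerName, actionName, userKey)
                    || IsControllerByUserKey(systemAuthorizeList, areaName, controllerName, userKey)
                    || IsAreaByUserKey(systemAuthorizeList, areaName, userKey);

                if (mustValidate && !hasPower)
                {
                    ErrorRediect(filterContext, errorRediect, areaName, controllerName, actionName);
                }
            }

            /// <summary>
            /// Sets the redirect result for a denied request. The most specific matching item of
            /// <see cref="SystemAuthorizeErrorRedirect.ItemList"/> wins (action, then controller,
            /// then area, then All); otherwise <see cref="SystemAuthorizeErrorRedirect.DefaultUrl"/>.
            /// </summary>
            /// <param name="filterContext">Context whose Result receives the redirect.</param>
            /// <param name="errorRediect">Configured redirect targets.</param>
            /// <param name="areaName">Lower-cased area of the request, or null.</param>
            /// <param name="controllerName">Lower-cased controller of the request.</param>
            /// <param name="actionName">Lower-cased action of the request.</param>
            private static void ErrorRediect(AuthorizationContext filterContext, SystemAuthorizeErrorRedirect errorRediect, string areaName, string controllerName, string actionName)
            {
                string url = errorRediect.DefaultUrl;
                var items = errorRediect.ItemList;
                if (items != null)
                {
                    // First match wins at each level; Single() would throw once two items were
                    // configured for the same page.
                    var red = items.FirstOrDefault(it => it != null && it.SystemAuthorizeType == SystemAuthorizeType.Action && SameName(it.Area, areaName) && SameName(it.Controller, controllerName) && SameName(it.Action, actionName))
                        ?? items.FirstOrDefault(it => it != null && it.SystemAuthorizeType == SystemAuthorizeType.Controller && SameName(it.Area, areaName) && SameName(it.Controller, controllerName))
                        ?? items.FirstOrDefault(it => it != null && it.SystemAuthorizeType == SystemAuthorizeType.Area && SameName(it.Area, areaName))
                        ?? items.FirstOrDefault(it => it != null && it.SystemAuthorizeType == SystemAuthorizeType.All);
                    if (red != null)
                    {
                        url = red.ErrorUrl;
                    }
                }

                // RedirectResult rejects a null/empty url, so a missing DefaultUrl surfaces as an
                // exception here rather than silently letting the denied request through.
                filterContext.Result = new RedirectResult(url);
            }

            /// <summary>True when an All entry lists <paramref name="userKey"/>.</summary>
            private static bool IsAllByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, object userKey)
            {
                // Only All entries count. Previously, once any All entry existed, a user listed in
                // an entry of *any* level was treated as having every permission.
                return systemAuthorizeList.Any(it => it != null && it.SystemAuthorizeType == SystemAuthorizeType.All && ContainsUserKey(it, userKey));
            }

            /// <summary>True when an Area entry for <paramref name="area"/> lists the user.</summary>
            private static bool IsAreaByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, object userKey)
            {
                return systemAuthorizeList.Any(it => MatchesArea(it, area) && ContainsUserKey(it, userKey));
            }

            /// <summary>True when a Controller entry for <paramref name="area"/>/<paramref name="controller"/> lists the user.</summary>
            private static bool IsControllerByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, object userKey)
            {
                return systemAuthorizeList.Any(it => MatchesController(it, area, controller) && ContainsUserKey(it, userKey));
            }

            /// <summary>True when an Action entry for the given route lists the user.</summary>
            private static bool IsActionByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, string action, object userKey)
            {
                // Element-wise membership. The previous check stringified the array
                // ("System.Object[]") and did a substring test, so it never matched a real key
                // and matched any key whose text is a substring of that type name.
                return systemAuthorizeList.Any(it => MatchesAction(it, area, controller, action) && ContainsUserKey(it, userKey));
            }

            /// <summary>Entry is an Area entry for <paramref name="area"/> (null matches "no area").</summary>
            private static bool MatchesArea(SystemAuthorizeModel it, string area)
            {
                return it != null && it.SystemAuthorizeType == SystemAuthorizeType.Area && SameName(it.AreaName, area);
            }

            /// <summary>Entry is a Controller entry for the given area and controller.</summary>
            private static bool MatchesController(SystemAuthorizeModel it, string area, string controller)
            {
                return it != null && it.SystemAuthorizeType == SystemAuthorizeType.Controller && SameName(it.AreaName, area) && SameName(it.ControllerName, controller);
            }

            /// <summary>Entry is an Action entry for the given area, controller and action.</summary>
            private static bool MatchesAction(SystemAuthorizeModel it, string area, string controller, string action)
            {
                return it != null && it.SystemAuthorizeType == SystemAuthorizeType.Action && SameName(it.AreaName, area) && SameName(it.ControllerName, controller) && SameName(it.ActionName, action);
            }

            /// <summary>
            /// True when the entry's UserKeyArray lists <paramref name="userKey"/>. Default equality
            /// is used, so the boxed type must match the elements (a boxed int 1 and a boxed long 1
            /// are not equal); keep the key source and the configured keys on the same type.
            /// </summary>
            private static bool ContainsUserKey(SystemAuthorizeModel it, object userKey)
            {
                return it.UserKeyArray != null && it.UserKeyArray.Contains(userKey);
            }

            /// <summary>Case-insensitive ordinal name comparison; two nulls are equal.</summary>
            private static bool SameName(string a, string b)
            {
                return string.Equals(a, b, StringComparison.OrdinalIgnoreCase);
            }

            /// <summary>Invariant lower-casing that passes null through.</summary>
            private static string ToLowerOrNull(string s)
            {
                return s == null ? null : s.ToLowerInvariant();
            }
        }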
    
    
    
    
    
    
        /// <summary>
        /// One authorization entry: the level it applies to, the route names it covers and the
        /// user keys allowed there. SystemAuthorizeService.Start lower-cases the three names
        /// in place before matching.
        /// </summary>
        public class SystemAuthorizeModel
        {
            /// <summary>
            /// Level of this entry (All, Area, Controller or Action).
            /// </summary>
            public SystemAuthorizeType SystemAuthorizeType { get; set; }
            /// <summary>
            /// Area the listed users may access; null for entries outside any area.
            /// </summary>
            public string AreaName { get; set; }
            /// <summary>
            /// Controller the listed users may access (Controller and Action levels).
            /// </summary>
            public string ControllerName { get; set; }
            /// <summary>
            /// Action the listed users may access (Action level).
            /// </summary>
            public string ActionName { get; set; }
            /// <summary>
            /// User keys (e.g. user ids) granted by this entry.
            /// </summary>
            public dynamic[] UserKeyArray { get; set; }
    
        }
    
        /// <summary>
        /// Where to send a request that is denied.
        /// </summary>
        public class SystemAuthorizeErrorRedirect
        {
            /// <summary>
            /// Fallback redirect URL used when no item in <see cref="ItemList"/> matches.
            /// </summary>
            public string DefaultUrl { get; set; }
    
            /// <summary>
            /// Optional per-level redirect targets; may be null.
            /// </summary>
            public List<SystemAuthorizeErrorRedirectItemList> ItemList { get; set; }
        }
    
        /// <summary>
        /// A redirect target for one level of the route (area / controller / action).
        /// </summary>
        public class SystemAuthorizeErrorRedirectItemList
        {
            /// <summary>
            /// Level at which this redirect applies.
            /// </summary>
            public SystemAuthorizeType SystemAuthorizeType { get; set; }
            // Route names compared against the current request's controller/action/area.
            public string Controller { get; set; }
            public string Action { get; set; }
            public string Area { get; set; }
    
            /// <summary>
            /// URL the denied request is redirected to.
            /// </summary>
            public string ErrorUrl { get; set; }
    
        }
    
        /// <summary>
        /// Level at which an authorization entry or redirect item applies.
        /// </summary>
        public enum SystemAuthorizeType
        {
            /// <summary>
            /// Every page: the entry grants access to everything.
            /// </summary>
            All = 0,
            /// <summary>
            /// Match on Area only.
            /// </summary>
            Area = 1,
            /// <summary>
            /// Match on Area and Controller.
            /// </summary>
            Controller = 2,
            /// <summary>
            /// Match on Area, Controller and Action.
            /// </summary>
            Action = 3,
            /// <summary>
            /// No permission. Not referenced by SystemAuthorizeService in this file.
            /// </summary>
            No = 4
    
        }
    }
    

      

  • 原文地址:https://www.cnblogs.com/sunkaixuan/p/4908773.html