ASP.MVC上实现权限控制的方法很多,比如使用AuthorizeAttribute这个特性
1.创建自定义特性用于权限验证
public class AuthorizeDiy : AuthorizeAttribute
{
/// <summary>
/// 提供一个入口用于自定义授权检查
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool pass = false;
HttpCookie cookie = HttpContext.Current.Request.Cookies["admin"];
if (cookie == null || cookie.Value == null)
{
httpContext.Response.StatusCode = ;
pass = false;
}
else
{
pass = true;
}
return pass;
} /// <summary>
/// 处理未能授权的Http请求
/// </summary>
/// <param name="filterContext"></param>
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base.HandleUnauthorizedRequest(filterContext);
filterContext.HttpContext.Response.Write(filterContext.HttpContext.Response.StatusCode);
if (filterContext.HttpContext.Response.StatusCode == )
{
//跳转到登录界面
filterContext.Result = new RedirectResult("/Login");
}
}
}
重写2个方法用于验证处理授权请求和授权失败。
2.创建控制器基类便于其他控制器继承
[AuthorizeDiy]
public class BaseAdminController:Controller
{
}
注意使用自定义特性
3.登录控制器的写法
/// <summary>
/// 登录控制器
/// </summary>
public class LoginController : BaseAdminController
{
//
// GET: /Login/
[AllowAnonymous]
public ActionResult Index()
{
return View();
} [HttpPost]
[AllowAnonymous]
public JsonResult LoginCheck()
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
,
"admin",
DateTime.Now,
DateTime.Now.AddDays(),
true,
Newtonsoft.Json.JsonConvert.SerializeObject(new {name="test"})); string ticString = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie("admin", ticString);
Response.Cookies.Add(cookie);
object result = new { success = true };
return this.Json(result);
}
}
注意:继承基类,并且使用MVC自定义特性进行授权此处只是简单实现。注意:跳转登录和验证登录的2个action必须使用Allowanonymous特性否则登录界面的权限验证无法通过会出现重复定向多次的错误
4.其他页面的Demo
登录视图:
@{
ViewBag.Title = "Index";
}
<script src="~/Scripts/jquery-1.8.2.min.js"></script>
<h2>这个是登录界面</h2>
<form class="formClass">
<button>登录</button>
</form> <script>
$(function ()
{
$(".formClass").submit(function ()
{
$.post("/Login/LoginCheck", {}, function (r) {
alert(JSON.stringify(r));
if (r) {
location.href = "/Home/Index";
}
else {
alert("登录失败");
}
});
return false;
})
})
</script>
主视图:
@{
ViewBag.Title = "Index"; } <script src="~/Scripts/jquery-1.8.2.min.js"></script>
<h2>Index</h2>
<script>
$(function ()
{ })
</script>
主页控制器:
public class HomeController : BaseAdminController
{
//
// GET: /Home/ public ActionResult Index()
{
return View();
} }
5.效果
先正常操作,然后清空缓存,实现权限控制效果,MVC路由指向Home控制器的Index
当进入主页时发现未授权自动跳转至登录界面