ASP.NET MVC 提供 Filters(筛选器),可以在调用操作方法之前或之后执行筛选逻辑,类似于 AOP(面向切面编程)。
本文已经同步到《Asp.net Vnext 系列教程》中。
本章主要介绍AuthorizeAttribute
Authorize 属性可以对控制器操作进行声明性的授权检查。
实例代码
启动类
// Register the named authorization policy "Api-Manager" while configuring services.
services.ConfigureAuthorization(authorization =>
{
    authorization.AddPolicy("Api-Manager", apiManager =>
    {
        // Name of the authentication scheme this policy evaluates. It has to be the
        // same string the authentication middleware is registered with ("Api").
        apiManager.ActiveAuthenticationSchemes.Add("Api");

        // Claim requirement: the principal must carry Permission = CanViewPage.
        // A principal holding a different value (for example "CanViewPage1") does not
        // satisfy the policy and the request is denied.
        apiManager.RequireClaim("Permission", "CanViewPage");
    });
});
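/// <summary>
/// Adds the sample authentication middleware to the request pipeline.
/// </summary>
/// <param name="app">Application builder the middleware is registered on.</param>
public void Configure(IApplicationBuilder app)
{
    // Add the middleware. "Api" is passed to the AuthorizeBasicMiddleware constructor
    // as authScheme and must equal the scheme name listed in the "Api-Manager" policy.
    // NOTE(review): presumably this has to be registered ahead of the MVC middleware so
    // the identity exists before [Authorize] is evaluated - confirm against the full
    // Startup class, which is not shown here.
    app.UseMiddleware<AuthorizeBasicMiddleware>("Api");
}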
中间件
/// <summary>
/// Authentication middleware that hands each request to a
/// <see cref="BasicAuthenticationHandler"/>.
/// </summary>
public class AuthorizeBasicMiddleware : AuthenticationMiddleware<BasicOptions>
{
    /// <summary>
    /// Creates the middleware and stamps <paramref name="authScheme"/> onto the options.
    /// </summary>
    /// <param name="next">Next delegate in the request pipeline.</param>
    /// <param name="options">Options accessor for <see cref="BasicOptions"/>.</param>
    /// <param name="authScheme">
    /// Authentication scheme name. In this sample it must be "Api", the scheme the
    /// "Api-Manager" policy lists in ActiveAuthenticationSchemes.
    /// </param>
    public AuthorizeBasicMiddleware(
        RequestDelegate next,
        IOptions<BasicOptions> options,
        string authScheme)
        : base(
            next,
            options,
            new ConfigureOptions<BasicOptions>(basic => basic.AuthenticationScheme = authScheme)
            {
                Name = authScheme
            })
    {
    }

    /// <summary>Returns a new authentication handler instance.</summary>
    protected override AuthenticationHandler<BasicOptions> CreateHandler()
    {
        var handler = new BasicAuthenticationHandler();
        return handler;
    }
}
认证处理类
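/// <summary>
/// Demonstration handler that issues a ticket carrying Permission = CanViewPage.
/// </summary>
/// <remarks>
/// AuthenticateCore reads nothing from the request (no header, cookie or credential),
/// so every caller receives the claim that the "Api-Manager" policy requires. That is
/// acceptable only as a teaching stub: a handler used in a real application has to
/// verify the caller's credentials first and issue only the claims that caller is
/// entitled to.
/// </remarks>
public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
{
    /// <summary>Challenge hook; left empty in this first version of the sample.</summary>
    protected override void ApplyResponseChallenge()
    {
        // Redirect when verification fails (disabled here, enabled in the later listing).
        // this.Response.Redirect("http://baidu.com");
    }

    /// <summary>Grant hook; left empty in the sample.</summary>
    protected override void ApplyResponseGrant()
    {
        // Clear cookies when verification fails (disabled in the sample).
        //this.Response.Cookies.Delete("11");
    }

    /// <summary>
    /// Builds the principal for the current request.
    /// </summary>
    /// <returns>
    /// A ticket for the configured scheme whose single identity holds the claim
    /// Permission = CanViewPage.
    /// </returns>
    protected override AuthenticationTicket AuthenticateCore()
    {
        // The claim is granted unconditionally; no credential check happens here.
        var permissionClaims = new Claim[]
        {
            new Claim("Permission", "CanViewPage"),
        };

        var principal = new ClaimsPrincipal();
        principal.AddIdentity(new ClaimsIdentity(permissionClaims, Options.AuthenticationScheme));

        // Wrap the principal in a ticket bound to the same scheme name.
        return new AuthenticationTicket(
            principal,
            new AuthenticationProperties(),
            Options.AuthenticationScheme);
    }
}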
控制器
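/// <summary>
/// Sample controller with one action protected by the "Api-Manager" policy.
/// </summary>
public class AuthorizeUserController : Controller
{
    /// <summary>Returns a fixed greeting to callers that satisfy the policy.</summary>
    /// <remarks>
    /// The attribute argument is the name of the policy to enforce. The attribute sits
    /// on this action only, so any other action added to the controller is not covered
    /// by it.
    /// </remarks>
    [Authorize("Api-Manager")]
    public string ApiManagers()
    {
        return "Hello World!";
    }
}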
这个时候我们修改一下认证处理类
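/// <summary>
/// Modified demonstration handler: the issued claim value is "CanViewPage1", which
/// does not match the "CanViewPage" value the "Api-Manager" policy requires, so the
/// request is denied and the challenge redirect runs.
/// </summary>
/// <remarks>
/// As in the first version, AuthenticateCore checks no credential on the request; the
/// denial shown here comes only from the claim mismatch. A handler used in a real
/// application has to verify the caller before issuing any claim.
/// </remarks>
public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
{
    /// <summary>Redirects the caller when verification fails.</summary>
    protected override void ApplyResponseChallenge()
    {
        // Sample-only target: a hard-coded external http:// URL. For an API scheme the
        // usual response to a failed check is a 401/403 status; if a redirect is used,
        // it should point at the application's own sign-in page over HTTPS.
        this.Response.Redirect("http://baidu.com");
    }

    /// <summary>Grant hook; left empty in the sample.</summary>
    protected override void ApplyResponseGrant()
    {
        // Clear cookies when verification fails (disabled in the sample).
        //this.Response.Cookies.Delete("11");
    }

    /// <summary>
    /// Builds the principal for the current request.
    /// </summary>
    /// <returns>
    /// A ticket for the configured scheme whose single identity holds the claim
    /// Permission = CanViewPage1.
    /// </returns>
    protected override AuthenticationTicket AuthenticateCore()
    {
        // Deliberately different from the policy's required value "CanViewPage".
        var permissionClaims = new Claim[]
        {
            new Claim("Permission", "CanViewPage1"),
        };

        var principal = new ClaimsPrincipal();
        principal.AddIdentity(new ClaimsIdentity(permissionClaims, Options.AuthenticationScheme));

        // Wrap the principal in a ticket bound to the same scheme name.
        return new AuthenticationTicket(
            principal,
            new AuthenticationProperties(),
            Options.AuthenticationScheme);
    }
}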
认证处理类签发的票据中没有策略要求的 Claim(Permission = CanViewPage),授权检查失败,于是触发 ApplyResponseChallenge,跳转到百度。
简单介绍过滤器,估计大家都会
IExceptionFilter 异常过滤器
IActionFilter 动作过滤器
IResultFilter 结果过滤器
AuthorizationFilterAttribute 授权过滤器
启动类中注册全局过滤器
// Register the application-wide (global) MVC filters in the startup class.
// The four filter classes are defined elsewhere in the project.
services.Configure<MvcOptions>(mvc =>
{
    var globalFilters = mvc.Filters;

    globalFilters.Add(new GlobalExceptionFilter());
    globalFilters.Add(new GlobalActionFilter());
    globalFilters.Add(new GlobalResultFilter());
    // NOTE(review): the authorization filter is added last here; confirm that this MVC
    // version runs authorization filters ahead of the others regardless of the order
    // in which they are registered.
    globalFilters.Add(new GlobalAuthorizationFilter());
});
Asp.net vnext 文档
http://mvc.readthedocs.org/en/latest/index.html