以前我们做登录判断，一般是通过实现 IAuthorizationFilter 这个过滤器来完成的。注意：下面的示例只检查 Cookie 是否存在，并不校验 Cookie 的内容，仅用于演示。
例如：
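/// <summary>
/// Authorization filter that sends requests without a usable "CurrentUser" cookie
/// to the login page.
/// </summary>
/// <remarks>
/// Security note: this filter only checks that the cookie is present and non-blank.
/// The cookie value comes from the client and is not validated here, so on its own
/// this check does not establish who the caller is. A production application should
/// rely on a protected, server-issued authentication ticket (for example ASP.NET Core
/// cookie authentication) rather than a plain-text marker cookie.
/// </remarks>
public class CustomAuthorizationFilterAttribute : Attribute, IAuthorizationFilter
{
    /// <summary>
    /// Runs the login check for the current request.
    /// </summary>
    /// <param name="context">Filter context; its Result is set to a redirect when the check fails.</param>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Endpoints marked with [AllowAnonymous] skip the login check and the permission check.
        if (context.ActionDescriptor.EndpointMetadata.Any(item => item is AllowAnonymousAttribute))
        {
            return;
        }

        // Read the marker cookie written by the login action.
        string userCookie = context.HttpContext.Request.Cookies["CurrentUser"];

        // A missing, empty or whitespace-only cookie is treated as "not logged in".
        // (The original null-only check let an empty cookie value through.)
        if (string.IsNullOrWhiteSpace(userCookie))
        {
            // No usable cookie: redirect to the login page.
            context.Result = new RedirectResult("/Home/Login");
        }
    }
}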
控制器
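namespace AuthWeb.Controllers
{
    // [CustomAuthorizationFilter] // The custom filter can be applied to the class, or registered globally in Startup.
    /// <summary>
    /// Demo controller with a protected Index page and an anonymous login action.
    /// </summary>
    public class HomeController : Controller
    {
        private readonly ILogger<HomeController> _logger;

        /// <summary>Stores the injected logger.</summary>
        public HomeController(ILogger<HomeController> logger)
        {
            _logger = logger;
        }

        /// <summary>Returns the default view for the home page.</summary>
        public IActionResult Index()
        {
            return View();
        }

        /// <summary>
        /// Checks the supplied credentials and, on success, writes the "CurrentUser" cookie.
        /// </summary>
        /// <param name="name">User name; compared case-insensitively.</param>
        /// <param name="password">Password; compared exactly. May be null when the caller omits it.</param>
        /// <returns>A JSON object with a Result flag and a Message.</returns>
        /// <remarks>
        /// Demo only. The credentials are hard-coded and the cookie value is a plain-text,
        /// unsigned marker. A real application should verify a salted password hash from a
        /// user store, accept credentials only in a POST body over HTTPS, and issue a
        /// protected authentication ticket instead of this cookie.
        /// </remarks>
        [AllowAnonymous]
        public IActionResult LogIn(string name, string password)
        {
            // Ordinal comparisons: identifiers and secrets must not depend on the server culture.
            // The static string.Equals is null-safe, so a missing password is a failed login
            // instead of a NullReferenceException.
            bool isValidUser = "Admin".Equals(name, StringComparison.OrdinalIgnoreCase)
                && string.Equals(password, "123456", StringComparison.Ordinal);

            if (!isValidUser)
            {
                return new JsonResult(new { Result = false, Message = "登录失败" });
            }

            base.HttpContext.Response.Cookies.Append("CurrentUser", "Admin", new Microsoft.AspNetCore.Http.CookieOptions
            {
                // NOTE(review): the code expires the cookie after 1 minute, while the original
                // comment said 30 minutes - confirm the intended lifetime.
                Expires = DateTime.UtcNow.AddMinutes(1),
                // Keep the cookie out of reach of page scripts. Also set Secure = true
                // when the site is served over HTTPS.
                HttpOnly = true
            });
            return new JsonResult(new { Result = true, Message = "登录成功" });
        }
    }
}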
全局注册CustomAuthorizationFilterAttribute过滤器
/// <summary>
/// Application startup class: keeps the configuration and registers the MVC services.
/// </summary>
public class Startup
{
    /// <summary>Stores the supplied configuration.</summary>
    public Startup(IConfiguration configuration) => Configuration = configuration;

    /// <summary>The configuration passed to the constructor.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Registers controllers with views and adds the login-check filter as a global filter.
    /// </summary>
    /// <param name="services">Service collection to register into.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // Global authorization filter: it runs for every action, so only actions
        // marked [AllowAnonymous] skip the login check.
        services.AddControllersWithViews(mvcOptions =>
            mvcOptions.Filters.Add<CustomAuthorizationFilterAttribute>());
    }
}