1)自定义AuthorizeAttribute
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace WebApplication50.Controllers
{
public class LintwayAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Decides whether the current request counts as logged in.
    /// The request is authorized only when a session exists and it holds a
    /// non-null "UserID" entry; in every other case the result is false.
    /// A false result sends the user to the loginUrl configured in web.config.
    /// </summary>
    /// <remarks>
    /// Only the presence of the "UserID" key is tested; the stored value is not inspected,
    /// so this check is exactly as trustworthy as the code that writes Session["UserID"].
    /// base.AuthorizeCore is not called, so the identity, Users and Roles checks of the
    /// stock AuthorizeAttribute are presumably bypassed (confirm against the MVC version in use).
    /// </remarks>
    /// <param name="httpContext">Context of the request being authorized; null is treated as unauthorized.</param>
    /// <returns>true when Session["UserID"] is present, false otherwise.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Guard clauses: no context or no session means there is nothing to trust.
        if (httpContext == null)
        {
            return false;
        }

        var session = httpContext.Session;
        if (session == null)
        {
            return false;
        }

        return session["UserID"] != null;
    }

    /// <summary>
    /// Hands the authorization request to the base implementation unchanged.
    /// </summary>
    /// <param name="filterContext">Authorization context supplied by the MVC pipeline.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
    }
}
}
2)在Web.config的<system.web>中添加登录页面的Url
<authentication mode="Forms">
<!-- loginUrl: where a request rejected by the authorize filter is redirected; the original
     address is passed along in the ReturnUrl query-string parameter.
     timeout: forms-ticket lifetime in minutes (2880 = 48 hours).
     NOTE(review): no forms ticket is issued anywhere in this walkthrough; the login state
     lives in Session["UserID"], so its lifetime presumably follows the session-state timeout
     rather than this value. Confirm before relying on it. -->
<forms loginUrl="~/Home/Login" timeout="2880" />
</authentication>
3)修改HomeController并添加对应的视图,HomeController代码如下(Index、About使用自定义的LintwayAuthorize特性)
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace WebApplication50.Controllers
{
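public class HomeController : Controller
{
    /// <summary>
    /// Renders the Index view. Guarded by LintwayAuthorize.
    /// </summary>
    [LintwayAuthorize]
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>
    /// Renders the About view. Guarded by LintwayAuthorize.
    /// </summary>
    [LintwayAuthorize]
    public ActionResult About()
    {
        return View();
    }

    /// <summary>
    /// Renders the login page. Deliberately left without the authorize attribute
    /// so that unauthenticated users can reach it.
    /// </summary>
    public ActionResult Login()
    {
        return View();
    }

    /// <summary>
    /// Simulated login: stores the posted UserID in the session and reports success.
    /// </summary>
    /// <remarks>
    /// No credential is verified: whatever UserID the client posts becomes the logged-in
    /// identity. A real login action must look the user up from verified credentials
    /// instead of trusting this parameter, should require an anti-forgery token
    /// ([ValidateAntiForgeryToken]), and should issue a fresh session identifier once
    /// authentication succeeds.
    /// </remarks>
    /// <param name="UserID">Identifier written to Session["UserID"]; taken from the request as-is.</param>
    /// <returns>JSON object { LoginSuccess = true }.</returns>
    [HttpPost] // State-changing action: the session write must not be reachable through a GET request.
    public JsonResult DoLogin(int UserID)
    {
        Session["UserID"] = UserID;

        // Json(...) already builds the result; the extra "new JsonResult()" was discarded immediately.
        return Json(new
        {
            LoginSuccess = true
        });
    }
}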
}
4)登录页面前台代码
@{
Layout = null;
}
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<title>Login</title>
<script src="~/Scripts/jquery-1.10.2.min.js"></script>
<script type="text/javascript">
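// Wire up the login button once the DOM is ready.
$(function () {
    $('#btnLogin').click(function () {
        var url = '@Url.Action("DoLogin","Home")';
        // Demo only: a fixed UserID is posted instead of real credentials.
        $.post(url, { UserID: 1 }, function (result) {
            if (result.LoginSuccess == true) {
                var returnUrl = getQueryString('ReturnUrl');
                // ReturnUrl comes from the address bar and is attacker-controllable, so only
                // follow it when it is a same-site path: one leading "/", not "//" or "/\",
                // and no control characters. Anything else (including a missing parameter,
                // which used to navigate to "null") falls back to the home page.
                // The server should apply the same check (e.g. Url.IsLocalUrl) before redirecting.
                var isLocalPath = typeof returnUrl === 'string' &&
                    /^\/(?![\/\\])[^\x00-\x1f]*$/.test(returnUrl);
                window.location.href = isLocalPath ? returnUrl : '@Url.Action("Index","Home")';
            }
        });
    });
});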
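/**
 * Reads one parameter from the current page's query string.
 *
 * The raw query string is matched first and only the captured value is decoded,
 * exactly once, with decodeURIComponent. The previous decodeURI + unescape pair
 * decoded the value twice and relied on the deprecated unescape().
 *
 * @param {string} name Parameter name to look up (matched literally).
 * @returns {string|null} The decoded value, or null when the parameter is absent
 *                        or its percent-encoding is malformed.
 */
function getQueryString(name) {
    // Escape regex metacharacters so the name cannot alter the pattern.
    var escapedName = String(name).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    var pattern = new RegExp('(^|&)' + escapedName + '=([^&]*)(&|$)');
    var match = window.location.search.substr(1).match(pattern);
    if (match === null) {
        return null;
    }
    try {
        return decodeURIComponent(match[2]);
    } catch (e) {
        // Malformed percent-encoding: treat the parameter as missing instead of throwing.
        return null;
    }
}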
</script>
</head>
<body>
<div>
<input id="btnLogin" type="button" value="Login" />
</div>
</body>
</html>
整个权限管理的过程:
用户打开About页面。由于Action About使用了LintwayAuthorize特性,在显示About页面之前会先执行LintwayAuthorize中重写的OnAuthorization、AuthorizeCore方法。此时Session["UserID"]==null,所以AuthorizeCore返回false,页面根据Web.config中的配置跳转到Login页面。
用户单击登录按钮后,DoLogin创建Session["UserID"](这里只是模拟登录,没有校验任何凭据),随后页面根据ReturnUrl参数返回到About页面。
和之前一样,由于Action About使用了LintwayAuthorize特性,在显示About页面之前会先执行LintwayAuthorize中重写的OnAuthorization、AuthorizeCore方法。这次Session["UserID"]!=null,所以AuthorizeCore返回true,页面就停留在About页面。