ASP.NET MVC 里的过滤器是个非常好用的东西,用来做登录和权限验证是最常规的用法。其中一些具体实现方法的资料比较难找,现在把一些常用到的记录一下,供大家参考:
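/// <summary>
/// Action filter that requires a signed-in <c>Account</c> in the session, falls back to the
/// "remember me" cookie when the session has none, and writes one <c>VisitLog</c> row after
/// every action it decorates.
/// </summary>
/// <remarks>
/// Unauthenticated requests are answered with a redirect to the site root, or with a JSON
/// <c>LoginExpire</c> message when the request carries a <c>submitTime</c> value.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class LoginFilter : ActionFilterAttribute
{
    // Substrings that mark a form field as secret-bearing; matching values are masked in the
    // visit log. Illustrative list: align it with the field names the application really posts.
    private static readonly string[] SensitiveFieldMarkers = { "password", "passwd", "pwd", "token", "secret" };

    /// <summary>
    /// Runs before the action: lets the request through when an account is available
    /// (session or remember-me cookie), otherwise short-circuits it with a result.
    /// </summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var session = filterContext.HttpContext.Session;
        var user = session["Account"] as Account;
        if (user != null)
        {
            filterContext.Controller.ViewBag.User = user;
            return;
        }

        // Not signed in: check whether a remember-me cookie is present.
        var token = Cookies.ReadCookie("remembermetoken");
        Guid rememberMeToken;
        if (Guid.TryParse(token, out rememberMeToken))
        {
            // An all-zero GUID parses successfully. How unset tokens are stored is not visible
            // here, so never let Guid.Empty reach the lookup where it could match such a row.
            Account account = null;
            if (rememberMeToken != Guid.Empty)
            {
                account = Account.GetAccountByRememberMeToken(rememberMeToken);
            }

            if (account != null)
            {
                // Remember-me sign-in. No account/token expiry check is done in this filter
                // (the original author planned to add one later).
                // NOTE(review): the session identifier is reused as-is after this automatic
                // sign-in, and the cookie's HttpOnly/Secure flags are set elsewhere - confirm both.
                session["AccountId"] = account.id.ToString();
                session["Account"] = account;
                filterContext.Controller.ViewBag.User = account;
                return;
            }

            // The cookie holds a token that no longer maps to an account: drop it on every
            // path so it is not replayed (and looked up again) on each later request.
            session.Clear();
            Cookies.DeleteCoookie();
        }

        RejectUnauthenticated(filterContext);
    }

    /// <summary>
    /// Short-circuits an unauthenticated request. Both the "no cookie" and the "stale cookie"
    /// case use this one rule; the original code had the two branches inverted relative to
    /// each other, so a plain page request with a stale cookie received a JsonResult
    /// (which MVC refuses to serve on GET by default) instead of the redirect.
    /// </summary>
    private static void RejectUnauthenticated(ActionExecutingContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        if (string.IsNullOrWhiteSpace(request["submitTime"]))
        {
            // NOTE(review): the target is rebuilt from the request's own scheme and authority,
            // i.e. it follows the Host header the server accepted - confirm host bindings are
            // restricted, or switch to an app-relative target.
            filterContext.Result = new RedirectResult(request.Url.Scheme + "://" + request.Url.Authority);
        }
        else
        {
            // presumably submitTime is sent by the site's script-driven form posts - verify against callers
            filterContext.Result = new JsonResult() { Data = new ReturnMsg(MessageType.LoginExpire) };
        }
    }

    /// <summary>
    /// Runs after the action: records who called which controller/action, from where,
    /// with which HTTP method and which posted form fields.
    /// </summary>
    /// <param name="filterContext">Context of the action that has just executed.</param>
    // NOTE(review): ValidateInput is normally read from controllers and actions; it most likely
    // has no effect on a filter method - kept only to leave the declaration unchanged.
    [ValidateInput(false)]
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        var session = filterContext.HttpContext.Session;
        var routeValues = filterContext.RouteData.Values;
        var model = session["Account"] as Account;

        var log = new VisitLog();
        // NOTE(review): if this helper trusts forwarded-for style headers, the stored IP is
        // client-controlled - confirm before relying on it for audit purposes.
        log.IP = HttpHelper.GetRealIPFromRequest(request);
        log.Url = request.Url.AbsoluteUri;
        // The original read the "action" route value into the controller variable and vice
        // versa, so module/page were stored swapped. Convert.ToString also tolerates a
        // missing route value instead of throwing.
        log.module = Convert.ToString(routeValues["controller"]);
        log.page = Convert.ToString(routeValues["action"]);

        var form = request.Form;
        var pm = new System.Text.StringBuilder();
        for (int i = 0; i < form.Count; i++)
        {
            var key = form.Keys[i];
            // Credentials posted to sign-in / change-password actions must not be copied into
            // the visit log in clear text; a key without a value is logged as empty.
            var value = IsSensitiveField(key) ? "***" : (form[i] ?? "").Trim();
            pm.Append('&').Append(key).Append('=').Append(value);
        }

        if (model != null)
        {
            log.AccountId = model.id;
        }

        // Keys and values are stored unencoded, exactly as posted.
        log.Param = pm.ToString().Trim('&');
        log.Method = request.HttpMethod;
        VisitLog.Add(log);
    }

    /// <summary>Returns true when the form field name contains one of the sensitive markers.</summary>
    private static bool IsSensitiveField(string fieldName)
    {
        if (string.IsNullOrEmpty(fieldName))
        {
            return false;
        }

        foreach (var marker in SensitiveFieldMarkers)
        {
            if (fieldName.IndexOf(marker, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }

        return false;
    }
}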
这一小段代码,字字珠玑,内容丰富,包含过滤器内获取 ASP.NET 内置对象的方法、获取控制器和目标方法名称、如何重定向以及阻断并返回 JSON 等,还有登录验证逻辑、访问日志记录、返回首页、remember me 功能实现等,可以作为一个过滤器使用的典范了^_^