ASP.NET MVC使用Authorize过滤器验证用户登录。Authorize过滤器首先运行在任何其它过滤器或动作方法之前,主要用来做登录验证或者权限验证。
示例:使用Authorize过滤器实现简单的用户登录验证。
1、创建登录控制器LoginController
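/// <summary>
/// Login controller. It is marked [AllowAnonymous] so that the globally registered
/// authorization filter lets unauthenticated visitors reach the login page and the
/// login action.
/// </summary>
[AllowAnonymous]
public class LoginController : Controller
{
    /// <summary>
    /// Shows the login page.
    /// </summary>
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>
    /// Checks the posted credentials and, on success, records the user name in session.
    /// </summary>
    /// <param name="loginName">User name posted by the login form.</param>
    /// <param name="loginPwd">Password posted by the login form.</param>
    /// <returns>A redirect to Home/Index on success, or back to Login/Index on failure.</returns>
    [HttpPost]
    public ActionResult Login(string loginName, string loginPwd)
    {
        // Demo only: the account is hard-coded so the sample stays self-contained.
        // A real application verifies the password against a user store that keeps
        // salted, slow password hashes, and never ships credentials in source.
        // NOTE(review): this action does not validate an anti-forgery token. Adding
        // [ValidateAntiForgeryToken] also requires @Html.AntiForgeryToken() inside the
        // login form, so it has to be changed together with the view.
        // NOTE(review): the session id is not rotated on login; the pre-login session
        // simply becomes the authenticated one. Production code should issue a fresh
        // authentication cookie on successful login.
        if (loginName == "admin" && loginPwd == "123456")
        {
            // Login succeeded: the authorization filter looks for this session key.
            Session["LoginName"] = loginName;
            return RedirectToAction("Index", "Home");
        }

        // Login failed: send the user back to the login page.
        return RedirectToAction("Index", "Login");
    }

    /// <summary>
    /// Logs the current user out and returns to the login page.
    /// </summary>
    /// <returns>A redirect to Login/Index.</returns>
    public ActionResult Logout()
    {
        // NOTE(review): this action is reachable with GET; a POST-only logout with an
        // anti-forgery token is preferable, but needs the logout link in the views
        // to become a form.
        Session.Abandon();

        // Abandon() discards the server-side state, but the browser keeps sending the
        // same session cookie and ASP.NET would reuse that id for the next session.
        // Blanking the cookie forces a new id. "ASP.NET_SessionId" is the default
        // cookie name; use the configured name if sessionState cookieName is set.
        Response.Cookies.Add(new System.Web.HttpCookie("ASP.NET_SessionId", string.Empty));

        return RedirectToAction("Index", "Login");
    }
}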
注意:在登录控制器LoginController上添加AllowAnonymous特性,该特性用于标记在授权期间要跳过AuthorizeAttribute的控制器和操作。
2、创建登录页面
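@{
    // Typographic quotes from the page extraction are replaced with plain double
    // quotes; Razor/C# does not accept the curly form as string delimiters.
    ViewBag.Title = "登录页面";
    // The login page renders without the shared layout.
    Layout = null;
}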
登录页面
用户:密码:
效果图:
3、创建主页控制器HomeController
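/// <summary>
/// Home controller. Its Index action shows the name of the logged-in user.
/// </summary>
public class HomeController : Controller
{
    /// <summary>
    /// Reads the login name from session and passes a greeting to the view.
    /// </summary>
    /// <returns>The Index view.</returns>
    public ActionResult Index()
    {
        // The login action stores the user name under this session key.
        // Read it defensively: if the authorization filter is not registered, or the
        // session has expired, the entry is null and calling ToString() on it would throw.
        object stored = Session["LoginName"];
        string loginName = stored == null ? string.Empty : stored.ToString();

        // Typographic quotes from the page extraction are replaced with plain double
        // quotes so the statement compiles.
        ViewBag.Message = "当前登录用户:" + loginName;
        return View();
    }
}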
4、创建主页页面
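@{
    // Typographic quotes from the page extraction are replaced with plain double
    // quotes; Razor/C# does not accept the curly form as string delimiters.
    ViewBag.Title = "Index";
    // The home page renders without the shared layout.
    Layout = null;
}
Index
@* Razor HTML-encodes the value of an @ expression, so the user name inside the message is written as text. *@
@ViewBag.Message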
5、创建授权过滤器LoginAuthorizeAttribute类
创建Filter目录,在该目录下创建授权过滤器LoginAuthorizeAttribute类,继承AuthorizeAttribute。
using System.Web.Mvc;
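namespace MvcApp.Filter
{
    /// <summary>
    /// Authorization filter that treats a request as logged in when the session holds
    /// a non-empty "LoginName" value, and redirects everything else to the login page.
    /// </summary>
    /// <remarks>
    /// The check lives in <see cref="AuthorizeCore"/> instead of a full override of
    /// OnAuthorization. The base OnAuthorization already skips controllers and actions
    /// marked [AllowAnonymous], and it registers an output-cache validation callback so
    /// that a page cached for a logged-in user is re-checked before it is served again.
    /// Replacing OnAuthorization wholesale drops that cache protection.
    /// </remarks>
    public class LoginAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Decides whether the current request belongs to a logged-in user.
        /// </summary>
        /// <param name="httpContext">The HTTP context of the current request.</param>
        /// <returns>true when the session contains a non-empty "LoginName"; otherwise false.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new System.ArgumentNullException("httpContext");
            }

            // Session is null when session state is disabled for the request;
            // that is treated as "not logged in" rather than as an error.
            if (httpContext.Session == null)
            {
                return false;
            }

            object loginName = httpContext.Session["LoginName"];
            return loginName != null && !string.IsNullOrEmpty(loginName.ToString());
        }

        /// <summary>
        /// Sends a request that failed the login check to the login page.
        /// </summary>
        /// <param name="filterContext">The authorization context of the rejected request.</param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            // "~/" is resolved against the application root, so the redirect still
            // works when the site is hosted in a virtual directory.
            filterContext.Result = new RedirectResult("~/Login/Index");
        }
    }
}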
通常Authorize过滤器也会注册为全局过滤器,在App_Start目录下的FilterConfig类的RegisterGlobalFilters方法中添加:
using System.Web;
using System.Web.Mvc;
using MvcApp.Filter;
namespace MvcApp
{
    /// <summary>
    /// Registers the filters that apply to every controller and action.
    /// </summary>
    public class FilterConfig
    {
        /// <summary>
        /// Adds the application's global filters to the supplied collection.
        /// </summary>
        /// <param name="filters">The global filter collection to populate.</param>
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            var errorHandler = new HandleErrorAttribute();

            // Global authorization filter: every action requires a login unless the
            // controller or action is marked [AllowAnonymous].
            var loginCheck = new LoginAuthorizeAttribute();

            filters.Add(errorHandler);
            filters.Add(loginCheck);
        }
    }
}
Global.asax下的代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Optimization;
using System.Web.Routing;
namespace MvcApp
{
public class MvcApplication : System.Web.HttpApplication
{
/// <summary>
/// Application start-up hook: registers areas, global filters, routes and bundles.
/// </summary>
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
// Registers the global filters, including the login authorization filter,
// so the login check applies to every controller.
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
}