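MVC用filter做权限过滤(注意:下面的示例过滤器做的是请求参数的输入检查;登录和权限校验通常应使用 AuthorizeAttribute 这类授权过滤器,它先于 action filter 执行):
1:创建filter类;类需要继承 ActionFilterAttribute 基类(它是类,不是接口),并且重写4个方法;如下: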
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using BitAuto.Utils.Security;
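namespace BitAuto.Video.Plugin.Web.Filter
{
    /// <summary>
    /// Action filter that screens the "anaText" request value with
    /// <c>SQLSecurity.IsSqlInject</c> before the action runs and rejects the
    /// request when the helper flags it.
    /// </summary>
    /// <remarks>
    /// NOTE(review): <c>IsSqlInject</c> lives in BitAuto.Utils.Security and is not
    /// visible here; it is presumably a pattern/keyword check. Treat it as
    /// defense in depth only: the data layer must still use parameterized
    /// queries, because a pattern check cannot be relied on to catch every
    /// injection payload.
    /// This filter performs input screening, not authentication or
    /// authorization.
    /// </remarks>
    public class AnaFilter : ActionFilterAttribute
    {
        /// <summary>
        /// Optional path supplied where the attribute is applied. Not read by
        /// this class in the visible code.
        /// </summary>
        public string ListPath { get; set; }

        /// <summary>
        /// Text appended to the diagnostic markers written by the
        /// executed/result callbacks. The original listing referenced this
        /// name without declaring it, so the class did not compile.
        /// </summary>
        public string Message { get; set; }

        /// <summary>
        /// Runs before the action. When "anaText" is flagged, the action is
        /// short-circuited and a small HTML page with the warning script is
        /// returned instead.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Request[...] returns null when the key is absent; the original
            // passed that straight to IsSqlInject, and this keeps doing so.
            string requestValue = filterContext.HttpContext.Request["anaText"];
            bool rejected = SQLSecurity.IsSqlInject(requestValue);

            // Request[...] and model binding can resolve the same name from
            // different parts of the request, so also screen the value the
            // action will actually receive.
            object bound;
            if (!rejected && filterContext.ActionParameters.TryGetValue("anaText", out bound))
            {
                string boundText = bound as string;
                if (boundText != null && boundText != requestValue)
                {
                    rejected = SQLSecurity.IsSqlInject(boundText);
                }
            }

            if (rejected)
            {
                // Writing to Response alone does not stop the pipeline: the
                // action would still run with the flagged input. Setting
                // Result makes MVC skip the action and execute this result.
                filterContext.Result = new ContentResult
                {
                    ContentType = "text/html",
                    Content = " <script language='javascript'>alert('存在非法字符。');window.history.go(-1);</script>"
                };
            }
        }

        /// <summary>
        /// Runs after the action; writes a diagnostic marker into the response.
        /// </summary>
        /// <param name="filterContext">Context of the action that just executed.</param>
        public override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            base.OnActionExecuted(filterContext);

            // Tutorial trace output: it is emitted into every filtered
            // response, so remove it in real code. Message is written without
            // HTML encoding; keep it a constant set on the attribute and never
            // fill it from request data.
            filterContext.HttpContext.Response.Write("Action执行之后" + Message + "<br />");
        }

        /// <summary>
        /// Runs before the result executes; writes a diagnostic marker into the response.
        /// </summary>
        /// <param name="filterContext">Context of the result about to execute.</param>
        public override void OnResultExecuting(ResultExecutingContext filterContext)
        {
            base.OnResultExecuting(filterContext);
            filterContext.HttpContext.Response.Write("返回Result之前" + Message + "<br />");
        }

        /// <summary>
        /// Runs after the result has executed; writes a diagnostic marker into the response.
        /// </summary>
        /// <param name="filterContext">Context of the result that just executed.</param>
        public override void OnResultExecuted(ResultExecutedContext filterContext)
        {
            base.OnResultExecuted(filterContext);
            filterContext.HttpContext.Response.Write("返回Result之后" + Message + "<br />");
        }
    }
}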
注意:其中 filterContext 对象由 MVC 框架在调用过滤器时传入,封装了当前请求的上下文;其中来自请求的值(Request、RouteData 等)由客户端控制,使用前需要校验。
获取页面controller值的方法是 filterContext.RouteData.GetRequiredString("controller")
获取页面action值的方法是: filterContext.RouteData.GetRequiredString("action")
转到其他页面的方法是: filterContext.HttpContext.Response.Redirect();在过滤器里更规范的写法是设置 filterContext.Result = new RedirectResult(url),由框架短路后续的 action 执行。跳转地址不要直接取自请求参数。
ip(注意:该属性返回的是请求 URL 中的主机名,不是客户端 IP;它通常来自请求的 Host 头,可由客户端控制,不要用于权限判断;客户端地址是 Request.UserHostAddress): filterContext.HttpContext.Request.Url.Host
端口:filterContext.HttpContext.Request.Url.Port.ToString()
在需要过滤的controller或action上加上一句特性代码即可(下例加在 action 上):
/// <summary>
/// POST-only edit action. AnaFilter's OnActionExecuting screens the "anaText"
/// request value before this body runs.
/// </summary>
/// <param name="anaId">Identifier bound from the request; not used in this stub.</param>
/// <param name="anaText">Text bound from the request; not used in this stub.</param>
/// <returns>The default view for this action.</returns>
// NOTE(review): [ValidateInput(false)] switches off ASP.NET request validation
// for this action, so anaText can carry markup. HTML-encode it wherever it is
// rendered, and pass it to the database only as a query parameter.
// NOTE(review): no anti-forgery check is visible on this state-changing POST;
// consider [ValidateAntiForgeryToken] together with Html.AntiForgeryToken() in the form.
[Filter.AnaFilter, AcceptVerbs(HttpVerbs.Post), ValidateInput(false)]
public ActionResult Edit(int anaId, string anaText)
{
    ActionResult defaultView = View();
    return defaultView;
}