在WEBfrom时代 membership作为系统默认的身份验证提供程序,貌似很好用,但ASP.NET没有开源,我们又不能百分之百的按照微软默认商务方式去进行验证,有无力去彻底重写这个东西,所以membership一直是个鸡肋,但随着ASP.NETmvc的开源,这个东西真的派上了用场,而且比以前更加的强大
在应该用程序中,身份验证和各种各样的验证一直都是系统一个很重要的东西,在ASP.NETmvc中这些被整体打包成为过滤器,感觉其创意来源于IIS的管道模型
主要有一下这几个东西
FilterAttribute,ActionFilterAttribute,AuthorizeAttribute 可以继承重写
IActionFilter, IResultFilter, IExceptionFilter, IAuthorizationFilter 接口可以定义自己的实现
网上有个不错的关系图
刚一开始,我一直纳闷为什们系统自己的FILTER可以传参数
而卧自己继承重写和自己实现的咋就是不能传参了,这个时候终于感受到开源的伟大,看了一些源码终于知道怎么搞了
就是在类中定义公开的属性例如下面的实现的接口
例如 继承重写
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
public
class
MyActionFilter:ActionFilterAttribute
{
public
override
void
OnActionExecuted(ActionExecutedContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
string
.Format(
"1执行"
));
base
.OnActionExecuted(filterContext);
}
public
override
void
OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
string
.Format(
"2执行"
));
base
.OnActionExecuting(filterContext);
}
public
override
void
OnResultExecuted(ResultExecutedContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
string
.Format(
"3执行"
));
base
.OnResultExecuted(filterContext);
}
public
override
void
OnResultExecuting(ResultExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
string
.Format(
"4执行"
));
base
.OnResultExecuting(filterContext);
}
}
public
class
MyAuthorization : AuthorizeAttribute
{
protected
override
bool
AuthorizeCore(HttpContextBase httpContext)
{
return
base
.AuthorizeCore(httpContext);
}
protected
override
void
HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base
.HandleUnauthorizedRequest(filterContext);
}
public
override
void
OnAuthorization(AuthorizationContext filterContext)
{
base
.OnAuthorization(filterContext);
}
protected
override
HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
{
return
base
.OnCacheAuthorization(httpContext);
}
}
|
还有实现接口自定义自己的验证方式
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
public
class
MyFilter : FilterAttribute, IActionFilter, IResultFilter, IExceptionFilter, IAuthorizationFilter
{
private
string
_roles;
private
string
[] _rolesSplit =
new
string
[0];
private
string
_users;
private
string
[] _usersSplit =
new
string
[0];
//过滤器但参数就是过滤器中定义的公开的参数
public
string
Roles
{
get
{
return
_roles ?? String.Empty;
}
set
{
_roles = value;
// _rolesSplit = SplitString(value);
}
}
public
string
Users
{
get
{
return
_users ?? String.Empty;
}
set
{
_users = value;
// _usersSplit = SplitString(value);
}
}
#region IActionFilter 成员
public
void
OnActionExecuted(ActionExecutedContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
string
.Format(
"Action({0})已经执行了!<br />"
,filterContext.ActionDescriptor.ActionName));
}
public
void
OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
string
.Format(
"Action({0})执行之前!<br />"
,filterContext.ActionDescriptor.ActionName));
}
#endregion
#region IResultFilter 成员
public
void
OnResultExecuted(ResultExecutedContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
"Result已经执行了!"
);
}
public
void
OnResultExecuting(ResultExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.Write(
"Result执行之前!"
);
}
#endregion
#region IExceptionFilter 成员
public
void
OnException(ExceptionContext filterContext)
{
string
controller = filterContext.RouteData.Values[
"controller"
]
as
string
;
string
action = filterContext.RouteData.Values[
"action"
]
as
string
;
filterContext.RequestContext.HttpContext.Response.Write(
string
.Format(
"{0}:{1}发生异常!{2}"
,
controller,action, filterContext.Exception.Message));
filterContext.ExceptionHandled =
true
;
}
#endregion
#region IAuthorizationFilter 成员
public
void
OnAuthorization(AuthorizationContext filterContext)
{
filterContext.HttpContext.Response.Write(
"执行authorization! 判断时候有权限。。。。<br />"
);
}
#endregion
}
|