using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Autofac;
using WuZiFenGongSiInfomation.Common;
using WuZiFenGongSiInfomation.IBll;
using WuZiFenGongSiInfomation.Models.Veiw;
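namespace WuZiFenGongSiInfomation.Models
{
    /// <summary>
    /// Authorization filter: checks the Forms-authentication login, loads the user
    /// (through the memory cache), rejects disabled roles and finally checks that the
    /// user's function list contains the permission id given in <see cref="AuthorizeAttribute.Roles"/>.
    /// </summary>
    /// <remarks>
    /// Contract with the front end (see the jQuery wrapper on this page):
    /// status 801 = not logged in / login no longer valid, status 401 = logged in but not allowed.
    /// Ajax callers get a JSON body <c>{"Code":500,"Msg":"..."}</c>; browsers get a redirect to the
    /// login page (801 case) or a short HTML message (401 case).
    /// Unlike the base attribute, <see cref="AuthorizeAttribute.Roles"/> holds ONE permission id
    /// (or <c>"pass"</c> = login required only), not a comma-separated role list, and
    /// <see cref="AuthorizeAttribute.Users"/> is ignored. Without a <c>Roles</c> value the base
    /// getter yields an empty string, which matches no function, so plain <c>[LoginFilter]</c>
    /// denies everybody except the super admin.
    /// </remarks>
    public class LoginFilter : AuthorizeAttribute
    {
        /// <summary><c>Roles</c> value meaning "must be logged in, no permission check".</summary>
        private const string PassRole = "pass";

        /// <summary>Non-standard status code the front end maps to "login expired".</summary>
        private const int LoginExpiredStatusCode = 801;

        /// <summary>Login page the filter redirects browsers to (hard-coded; the forms element sets no loginUrl).</summary>
        private const string LoginUrl = "/user/login";

        private const string JsonContentType = "application/json;charset=UTF-8";

        /// <summary>
        /// Lifetime of a cached <see cref="UserView"/>, permission list included. A permission
        /// change for a normal user can take up to this long to be enforced unless the entry is
        /// evicted with <c>MemoryCacheProvider.Remove(userId)</c>. Role status is NOT cached.
        /// </summary>
        private static readonly TimeSpan UserCacheLifetime = TimeSpan.FromSeconds(7200);

        /// <summary>
        /// Runs before the action. Sets <c>filterContext.Result</c> to short-circuit the request
        /// when the caller is not logged in or not allowed; otherwise lets the action run.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException(nameof(filterContext));
            }

            // [AllowAnonymous] on the action or its controller skips this filter entirely.
            if (SkipsAuthorization(filterContext.ActionDescriptor))
            {
                return;
            }

            HttpContextBase httpContext = filterContext.HttpContext;
            bool isAjax = httpContext.Request.IsAjaxRequest();

            if (!httpContext.User.Identity.IsAuthenticated)
            {
                RequireLogin(filterContext, isAjax);
                return;
            }

            // The login action writes the user id into the Forms ticket, so Identity.Name is the id.
            string userId = httpContext.User.Identity.Name;
            UserView loginUser = LoadUser(userId);
            if (loginUser == null)
            {
                // Ticket refers to a user that cannot be loaded any more: drop cookie and cache entry.
                // Ajax callers get the 801 contract here too (the original redirected them).
                MemoryCacheProvider.Remove(userId);
                System.Web.Security.FormsAuthentication.SignOut();
                RequireLogin(filterContext, isAjax);
                return;
            }

            // Super admin and Roles="pass" bypass the role and permission checks.
            if (!IsSuperAdmin(loginUser) && !string.Equals(Roles, PassRole, StringComparison.Ordinal))
            {
                // Read on every request (not cached) so disabling a role takes effect immediately.
                IAnRoleBll anRoleBll = DependencyResolverHelpter.container.Resolve<IAnRoleBll>();
                AnRole role = anRoleBll.Get(loginUser.RoleId);
                if (role != null && role.Status == 0)
                {
                    Forbid(filterContext, isAjax, "你的角色被禁用");
                    return;
                }

                if (!HasFunction(loginUser, Roles))
                {
                    Forbid(filterContext, isAjax, "你没有此操作权限");
                    return;
                }
            }

            PreventOutputCacheReuse(httpContext.Response.Cache);
        }

        /// <summary>True when the action or its controller carries [AllowAnonymous].</summary>
        private static bool SkipsAuthorization(ActionDescriptor action)
        {
            return action.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
                || action.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
        }

        /// <summary>
        /// Loads the user by id through the cache. The super-admin account is given every menu
        /// id as a granted function instead of whatever is stored for it.
        /// </summary>
        /// <param name="userId">Identity name from the Forms ticket.</param>
        /// <returns>The cached or freshly loaded user, or null when the store has no such user.</returns>
        private static UserView LoadUser(string userId)
        {
            return MemoryCacheProvider.GetOrAddCacheItem<UserView>(userId, () =>
            {
                IAnUserBll anUserBll = DependencyResolverHelpter.container.Resolve<IAnUserBll>();
                var model = anUserBll.GetUserById(userId);
                if (model != null && IsSuperAdmin(model))
                {
                    // Functions is replaced wholesale, so the old list does not need clearing.
                    model.Meuns = CommonData.MenusList;
                    model.Functions = CommonData.MenusList.Select(x => x.Id).ToList();
                }
                return model;
            }, null, DateTime.UtcNow.Add(UserCacheLifetime));
        }

        /// <summary>
        /// True when the account name equals the configured super-admin account (ordinal,
        /// null-safe; the original dereferenced <c>Account</c> unconditionally).
        /// </summary>
        private static bool IsSuperAdmin(UserView user)
        {
            return user != null && string.Equals(user.Account, CommonData.SuperAdmin, StringComparison.Ordinal);
        }

        /// <summary>
        /// True when the user's granted function ids contain <paramref name="permissionId"/>.
        /// A missing function list grants nothing; the original threw on it although the
        /// super-admin branch treats the list as nullable.
        /// </summary>
        private static bool HasFunction(UserView user, string permissionId)
        {
            return user.Functions != null && user.Functions.Contains(permissionId);
        }

        /// <summary>
        /// Not logged in (or the login no longer maps to a user): Ajax callers get status 801
        /// with the JSON body, browsers are redirected to the login page.
        /// Uses an action result instead of Response.Write/End, so no ThreadAbortException.
        /// </summary>
        private static void RequireLogin(AuthorizationContext filterContext, bool isAjax)
        {
            if (isAjax)
            {
                filterContext.HttpContext.Response.StatusCode = LoginExpiredStatusCode;
                filterContext.Result = JsonMessage(500, "登录失效,请重新登录");
            }
            else
            {
                filterContext.Result = new RedirectResult(LoginUrl);
            }
        }

        /// <summary>
        /// Logged in but not allowed: answers 401 with the JSON body for Ajax callers and a
        /// short HTML message otherwise (the disabled-role case previously sent HTML to Ajax
        /// callers as well). <paramref name="message"/> must be a constant: it is placed in
        /// the HTML unescaped.
        /// </summary>
        private static void Forbid(AuthorizationContext filterContext, bool isAjax, string message)
        {
            HttpResponseBase response = filterContext.HttpContext.Response;
            // FormsAuthenticationModule rewrites a 401 into a 302 to the login page at the end
            // of the request unless told not to; the front end relies on seeing the 401.
            // (Property exists from .NET 4.5; on older frameworks keep Response.End() instead.)
            response.SuppressFormsAuthenticationRedirect = true;
            response.StatusCode = 401;
            filterContext.Result = isAjax
                ? (ActionResult)JsonMessage(500, message)
                : new ContentResult { Content = "<h3>" + message + "</h3>" };
        }

        /// <summary>
        /// Builds the <c>{"Code":..,"Msg":..}</c> body the front end expects. AllowGet because the
        /// guarded action may itself be a GET.
        /// </summary>
        private static JsonResult JsonMessage(int code, string message)
        {
            return new JsonResult
            {
                Data = new { Code = code, Msg = message },
                ContentType = JsonContentType,
                JsonRequestBehavior = JsonRequestBehavior.AllowGet,
            };
        }

        /// <summary>
        /// The base attribute installs this from <c>base.OnAuthorization</c>, which this override
        /// does not call: a response produced under this filter must never be served from
        /// [OutputCache] to another request without running the checks again.
        /// </summary>
        private static void PreventOutputCacheReuse(HttpCachePolicyBase cachePolicy)
        {
            cachePolicy.SetProxyMaxAge(TimeSpan.Zero);
            cachePolicy.AddValidationCallback(CacheValidateHandler, null);
        }

        private static void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
        {
            // Treat the request as a cache miss so the full pipeline (and this filter) runs.
            validationStatus = HttpValidationStatus.IgnoreThisRequest;
        }
    }
}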
web.config 配置文件中设置 FormsAuthentication 节点（timeout 单位为分钟；120 分钟与过滤器中 7200 秒的用户缓存时间保持一致）：
<system.web>
<authentication mode="Forms">
<!-- timeout is in minutes; 120 matches the 7200 s user-cache lifetime in LoginFilter -->
<!-- NOTE(review): no requireSSL="true" here, so the auth cookie is also sent over plain HTTP;
     no loginUrl either - LoginFilter redirects to its own hard-coded /user/login -->
<forms name=".UserInfo" timeout="120" slidingExpiration="true" path="/" />
</authentication>
</system.web>
登录 action 参考（若过滤器全局注册，登录相关 action 必须标记 [AllowAnonymous]，否则会被过滤器拦截并重定向到登录页）：
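/// <summary>
/// Login endpoint: validates the credentials through the BLL and, on success, issues the
/// Forms-authentication cookie. The ticket name is the user id, which <c>LoginFilter</c>
/// reads back from <c>User.Identity.Name</c>.
/// </summary>
/// <param name="input">Credentials posted by the login form (untrusted).</param>
/// <returns>The BLL result as JSON; <c>Code == 200</c> means the cookie was set.</returns>
[HttpPost]          // credentials must not travel in a GET query string (logs, history, referrers)
[AllowAnonymous]    // LoginFilter honours this, so the login itself is never blocked by it
public async Task<ActionResult> LoginDo(LoginInput input)
{
    Result<UserView> result = await anUserBll.LoginDoAsync(input);
    if (result.Code == 200)
    {
        // Persistent cookie: survives closing the browser. NOTE(review): consider tying this
        // to a "remember me" choice instead of always true.
        string loginAuthTxt = result.Data.Id;
        FormsAuthentication.SetAuthCookie(loginAuthTxt, true);
    }
    // NOTE(review): the whole Result<UserView> (Data included) goes to the browser -
    // confirm UserView carries no password hash or other sensitive fields.
    return Json(result);
}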
在调用 action 之前，过滤器先验证是否已登录，再验证权限。Roles = "140040070" 是权限值：用户的权限值集合中包含该值时才允许访问此 action；Roles = "pass" 表示只要求登录、不校验权限；超级管理员账号跳过权限校验。
// Confirmation page. LoginFilter runs first: the caller must be logged in and hold
// permission id 140040070 (or be the super admin) before this body executes.
[LoginFilter(Roles = "140040070")]
public async Task<ActionResult> ConfirmView(string id) => View();
前端页面重写 $.ajax，按响应状态码弹出提示：401 表示已登录但无权限，801（自定义状态码）表示登录失效：
<script type="text/javascript">
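(function ($) {
    var nativeAjax = $.ajax;

    // Status codes emitted by LoginFilter: 401 = logged in but not allowed,
    // 801 = not logged in / login expired.
    var authStatusHandlers = {
        401: function () {
            console.log('您没有权限进行此项操作');
            alert("您没有权限进行此项操作");
        },
        801: function () {
            console.log('登录失效,请重新登录');
            alert("登录失效,请重新登录");
        }
    };

    // Wrap $.ajax so every request (including $.get/$.post, which call $.ajax) gets the
    // two handlers above.
    $.ajax = function (url, options) {
        // Support both $.ajax(settings) and $.ajax(url, settings); the original only handled the first.
        if (typeof url === "object") {
            options = url;
            url = undefined;
        }
        options = options || {};

        // Work on a copy so the caller's settings object is not mutated, and merge only
        // statusCode: the caller's handlers for other codes survive (the original's shallow
        // $.extend replaced the whole statusCode object), ours still win for 401/801.
        var merged = $.extend({}, options);
        merged.statusCode = $.extend({}, options.statusCode, authStatusHandlers);

        // Return the jqXHR so .done()/.fail()/.always() chaining keeps working
        // (the original discarded it).
        return url === undefined
            ? nativeAjax.call(this, merged)
            : nativeAjax.call(this, url, merged);
    };
})(jQuery);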
</script>