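/// <summary>
/// Authorization filter that requires a logged-in user, recognised by a non-null
/// <c>Session["user"]</c> entry, whenever <see cref="IsCheck"/> is true.
/// </summary>
/// <remarks>
/// The filter only checks that a session entry exists; it makes no role or permission
/// decision. Every unauthenticated request is given a result (status 999 for AJAX,
/// a redirect to the login page otherwise), so no HTTP method reaches the action
/// without a session.
/// NOTE(review): this class does nothing about output caching; if protected actions
/// use [OutputCache], confirm cached responses cannot be served to anonymous users.
/// </remarks>
public sealed class IsLoginAttribute : FilterAttribute, IAuthorizationFilter
{
    /// <summary>
    /// Whether the login check runs: true enforces it, false skips it.
    /// </summary>
    /// <remarks>
    /// The field is not initialised, so it is false by default and a bare
    /// <c>[IsLogin]</c> performs no check. Write <c>[IsLogin(IsCheck = true)]</c>
    /// on anything that must be protected.
    /// </remarks>
    public bool IsCheck;

    /// <summary>
    /// Rejects the request when the check is enabled and the session holds no user.
    /// </summary>
    /// <param name="filterContext">Context of the action about to be executed.</param>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // [AllowAnonymous] on the action or on its controller opts out of the check.
        if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
            || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
        {
            return;
        }

        if (!IsCheck)
        {
            return;
        }

        // A missing session object is treated the same as "not logged in".
        var session = filterContext.HttpContext.Session;
        object user = session == null ? null : session["user"];
        if (user != null)
        {
            return;
        }

        // IsAjaxRequest() is driven by the client-supplied X-Requested-With value, so it
        // only selects the shape of the rejection; it never decides whether to reject.
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // 999 is a non-standard status code.
            // NOTE(review): presumably the site's scripts key on it - confirm before changing.
            filterContext.Result = new HttpStatusCodeResult(999, "Not logged in");
            return;
        }

        // Previously only GET requests (and two listed URLs) were redirected, which let an
        // unauthenticated POST/PUT/DELETE fall through to the action. Every non-AJAX
        // request without a session is now sent to the login page.
        filterContext.Result = new RedirectResult("/Manager/Login");
    }
}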
方式二,写个类继承AuthorizeAttribute,然后过滤验证请求:
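/// <summary>
/// Login check built on <c>AuthorizeAttribute</c>: a request is allowed only when
/// <c>Session["LoginInfo"]</c> holds a <c>LoginInfo</c> instance.
/// </summary>
/// <remarks>
/// <c>OnAuthorization</c> is overridden without calling the base implementation, so the
/// base attribute's <c>Users</c>/<c>Roles</c> settings and its output-cache handling are
/// not applied here. Setting <c>Roles</c> on <c>[LoginFilter]</c> therefore has no effect.
/// NOTE(review): if protected actions use [OutputCache], confirm cached responses cannot
/// be served to anonymous users.
/// </remarks>
public class LoginFilter : AuthorizeAttribute
{
    /// <summary>
    /// Rejects the request when no <c>LoginInfo</c> is stored in the session.
    /// </summary>
    /// <param name="filterContext">Context of the action about to be executed.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // [AllowAnonymous] on the action or on its controller opts out of the check.
        if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
            || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
        {
            return;
        }

        // A missing session object is treated the same as "not logged in", so the
        // request is rejected instead of failing on a null reference.
        var session = filterContext.HttpContext.Session;
        LoginInfo loginInfo = session == null ? null : session["LoginInfo"] as LoginInfo;
        if (loginInfo != null)
        {
            return;
        }

        // IsAjaxRequest() is driven by the client-supplied X-Requested-With value, so it
        // only selects the shape of the rejection; it never decides whether to reject.
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // NOTE(review): with forms authentication enabled, ASP.NET may turn this 401
            // into a redirect to the login page - confirm AJAX callers really see the 401.
            filterContext.Result = new HttpUnauthorizedResult("登录失效,请登录");
        }
        else
        {
            // The target comes from the "loginpage" appSettings key. RedirectResult rejects
            // a null or empty URL, so a missing key fails the request rather than letting
            // it through.
            filterContext.Result = new RedirectResult(ConfigurationManager.AppSettings["loginpage"]);
        }
    }
}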
// Every action on this controller must pass the login check.
// NOTE(review): the attribute reaches other controllers only if they derive from
// BaseController; the sample controllers on this page derive from Controller directly,
// so they are not covered by it.
[LoginFilter]
public class BaseController : Controller
{
}
// Sample controller with an action that is open to anonymous users.
public class HomeController : Controller
{
// No login check for this action: [AllowAnonymous] is the marker that both
// IsLoginAttribute and LoginFilter look for before skipping their check.
// NOTE(review): no login filter is declared on this controller in the code shown, so
// the marker only matters if one is applied elsewhere (e.g. registered globally) - verify.
[AllowAnonymous]
public ActionResult Index()
{
return View();
}
}
// Sample controller that protects a single action.
public class DefaultController : Controller
{
// Login is checked for this action only. The controller itself carries no filter,
// so any other action added here is unprotected unless it is attributed as well.
[LoginFilter]
public ActionResult Index()
{
return View();
}
}