.NET Core MVC 登陆或权限过滤器
下面是登陆过滤器
using AuthorizationCenter.Define;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Linq;
namespace AuthorizationCenter.Filters
{
/// <summary>
/// 登陆过滤器
/// </summary>
public class SignFilter : ActionFilterAttribute
{
/// <summary>
/// 当动作执行中
/// </summary>
/// <param name="context"></param>
public override void OnActionExecuting(ActionExecutingContext context)
{
// 判断是否检查登陆
var noNeedCheck = false;
if (context.ActionDescriptor is ControllerActionDescriptor controllerActionDescriptor)
{
noNeedCheck = controllerActionDescriptor.MethodInfo.GetCustomAttributes(inherit: true)
.Any(a => a.GetType().Equals(typeof(NoSignAttribute)));
}
if (noNeedCheck) return;
// 检查登陆 - 在SignIn中判断用户合法性,将登陆信息保存在Session中,在SignOut中移除登陆信息
// 获取登陆信息 - 这里采用Session来保存登陆信息 -- Constants是字符串常量池
var userid = context.HttpContext.Session.GetString(Constants.USERID);
var signname = context.HttpContext.Session.GetString(Constants.SIGNNAME);
var password = context.HttpContext.Session.GetString(Constants.PASSWORD);
// 检查登陆信息
if (userid == null && signname == null)
{
// 用户未登陆 - 跳转到登陆界面
context.Result = new RedirectResult("/Sign/Index");
}
base.OnActionExecuting(context);
}
}
/// <summary>
/// 不需要登陆的地方加个特性
/// </summary>
public class NoSignAttribute : ActionFilterAttribute { }
}
不需要登陆的地方加个特性
[NoSign]
public IActionResult SignIn()
{
// TODO
}
需要注册过滤器
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(config =>config.Filters.Add(typeof(SignFilter))).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// Do Others
}