使用 .NET 自带的 Forms 身份验证判断用户是否已登录,未登录则跳转到 loginUrl。
在 Web.config 的 <system.web> 节点里加入:
<authentication mode="Forms">
<forms loginUrl="/sys/login" />
</authentication>
在需要登录才能访问的控制器上加上 [Authorize] 特性。
如果要对全部控制器生效:在 App_Start 下的 FilterConfig.cs 里注册全局过滤器(此时登录页对应的 Action 需要加 [AllowAnonymous],否则未登录用户会被反复重定向到 loginUrl):
filters.Add(new AuthorizeAttribute());
判断用户是否已登录,依据是是否已生成票据(FormsAuthenticationTicket)。
下面是登录,登出,获取登录用户代码
//获取FormsAuthentication 票据,保存cookie
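/// <summary>
/// Issues a Forms Authentication ticket for <paramref name="loginUser"/> and writes it to the
/// current response as the forms-auth cookie.
/// </summary>
/// <param name="loginUser">
/// The authenticated user. The whole object is JSON-serialized into the ticket's UserData,
/// so it is sent to the browser (encrypted) and comes back on every request.
/// </param>
/// <param name="expireHour">Lifetime, in hours, applied to both the ticket and the cookie.</param>
/// <exception cref="ArgumentNullException"><paramref name="loginUser"/> is null.</exception>
public static void Login(LoginUser loginUser, int expireHour = 10)
{
    if (loginUser == null)
    {
        throw new ArgumentNullException("loginUser");
    }

    // Read the clock once so the issue date and the expiry derive from the same instant.
    DateTime issuedAt = DateTime.Now;

    // NOTE(review): with expireHour <= 0 the ticket expires at the moment it is issued, so the
    // user is effectively not logged in. Kept as in the original; confirm this is intended.
    DateTime expiration = expireHour > 0 ? issuedAt.AddHours(expireHour) : issuedAt;

    // NOTE(review): every property of LoginUser ends up inside the cookie. Confirm it carries no
    // password or other secret and stays small enough for the browser's cookie size limit.
    string userData = Newtonsoft.Json.JsonConvert.SerializeObject(loginUser);

    var ticket = new FormsAuthenticationTicket(1, loginUser.UserName, issuedAt, expiration, true, userData);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
    {
        // Keep the ticket out of reach of page scripts.
        HttpOnly = true,
        // Honour <forms requireSSL="..."> so the ticket is not sent over plain HTTP when the
        // site is configured for HTTPS-only authentication; a hand-built cookie does not pick
        // this setting up on its own.
        Secure = FormsAuthentication.RequireSSL,
        // Same path the ticket itself carries (this constructor overload uses FormsCookiePath).
        Path = FormsAuthentication.FormsCookiePath,
        Expires = expiration
    };

    // Only set a domain when one is configured; otherwise the cookie stays host-only.
    if (FormsAuthentication.CookieDomain != null)
    {
        cookie.Domain = FormsAuthentication.CookieDomain;
    }

    // Drop any auth cookie already queued on this response before adding the fresh one.
    var context = HttpContext.Current;
    context.Response.Cookies.Remove(cookie.Name);
    context.Response.Cookies.Add(cookie);
}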
//退出登录
/// <summary>
/// Signs the current user out: removes the forms-auth cookie from the current request's
/// cookie collection and calls <c>FormsAuthentication.SignOut()</c>.
/// </summary>
/// <remarks>
/// Removing the cookie from the request collection only affects code that runs later in this
/// same request; clearing the browser's copy is left to SignOut().
/// NOTE(review): the ticket itself is not revoked on the server, so a copy captured earlier
/// stays usable until its expiration. Keep ticket lifetimes short, or track sessions
/// server-side, if immediate revocation matters.
/// </remarks>
public static void LogOut()
{
    HttpCookieCollection requestCookies = HttpContext.Current.Request.Cookies;
    string authCookieName = FormsAuthentication.FormsCookieName;

    if (requestCookies[authCookieName] != null)
    {
        requestCookies.Remove(authCookieName);
    }

    FormsAuthentication.SignOut();
}
//获取用户
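/// <summary>
/// Reads the forms-auth cookie from the current request and returns the user stored in the
/// ticket's UserData.
/// </summary>
/// <returns>
/// The deserialized <c>LoginUser</c>, or null when there is no cookie, the cookie value is empty
/// or cannot be decrypted, or the ticket has expired.
/// </returns>
public static LoginUser GetLoginUser()
{
    var context = HttpContext.Current;
    var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];

    // An empty value would make Decrypt throw instead of returning null.
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return null;
    }

    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(cookie.Value);
    }
    catch (ArgumentException)
    {
        // The cookie value is client-controlled; a malformed or tampered value means
        // "not logged in", not an unhandled error.
        return null;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // NOTE(review): presumably raised when the value was protected with a different
        // machine key; treated the same as an invalid cookie.
        return null;
    }

    // Decrypt does not reject expired tickets. This method can run on actions that are not
    // behind [Authorize], so the expiry has to be enforced here; otherwise an old cookie that
    // is replayed would still resolve to a user.
    if (ticket == null || ticket.Expired)
    {
        return null;
    }

    return Newtonsoft.Json.JsonConvert.DeserializeObject<LoginUser>(ticket.UserData);
}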