欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

ASP.NET MVC备忘

程序员文章站 2022-07-08 14:46:43
...

身份验证

方式一

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace ZSZ.AdminWeb.App_Start
{
    //这个Attribute可以应用到方法上,而且可以添加多个
    [AttributeUsage(AttributeTargets.Method,AllowMultiple =true)]
    public class CheckPermissionAttribute:Attribute
    {
        public string Permission { get; set; }
        public CheckPermissionAttribute(string permission)
        {
            this.Permission = permission;
        }
    }
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using ZSZ.CommonMVC;
using ZSZ.IService;

namespace ZSZ.AdminWeb.App_Start
{
    public class ZSZAuthorizeFilter : IAuthorizationFilter
    {
        //public IAdminUserService userService { get; set; }
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            //获得当前要执行的Action上标注的CheckPermissionAttribute实例对象
            CheckPermissionAttribute[] permAtts = (CheckPermissionAttribute[])filterContext.ActionDescriptor
                .GetCustomAttributes(typeof(CheckPermissionAttribute),false);
            if (permAtts.Length <= 0)//没有标注任何的CheckPermissionAttribute,因此也就不需要检查是否登录
                //“无欲无求”
            {
                return;//登录等这些不要求有用户登录的功能
            }
            //得到当前登录用户的id
            long? userId = (long?)filterContext.HttpContext.Session["LoginUserId"];
            if(userId==null)//连登录都没有,就不能访问
            {
                // filterContext.HttpContext.Response.Write("没有登录");
                //filterContext.HttpContext.Response.Redirect();

                //根据不同的请求,给予不同的返回格式。确保ajax请求,浏览器端也能收到json格式
                if(filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    AjaxResult ajaxResult = new AjaxResult();
                    ajaxResult.Status = "redirect";
                    ajaxResult.Data = "/Main/Login";
                    ajaxResult.ErrorMsg = "没有登录";
                    filterContext.Result = new JsonNetResult { Data= ajaxResult };
                }
                else
                {
                    filterContext.Result = new RedirectResult("~/Main/Login");
                }
                
                //filterContext.Result = new ContentResult() { Content= "没有登录" };
                return;
            }

            //由于ZSZAuthorizeFilter不是被autofac创建,因此不会自动进行属性的注入
            //需要手动获取Service对象
            IAdminUserService userService = 
                DependencyResolver.Current.GetService<IAdminUserService>();

            //检查是否有权限
            foreach (var permAtt in permAtts)
            {
                //判断当前登录用户是否具有permAtt.Permission权限
                //(long)userId   userId.Value
                if (!userService.HasPermission(userId.Value,permAtt.Permission))
                {
                    //只要碰到任何一个没有的权限,就禁止访问
                    //在IAuthorizationFilter里面,只要修改filterContext.Result 
                    //那么真正的Action方法就不会执行了
                    if (filterContext.HttpContext.Request.IsAjaxRequest())
                    {
                        AjaxResult ajaxResult = new AjaxResult();
                        ajaxResult.Status = "error";
                        ajaxResult.ErrorMsg = "没有权限"+permAtt.Permission;
                        filterContext.Result = new JsonNetResult { Data = ajaxResult };
                    }
                    else
                    {
                        filterContext.Result
                       = new ContentResult { Content = "没有" + permAtt.Permission + "这个权限" };
                    }                       
                    return;
                }
            }
        }
    }
}

方式二 BaseController

标注

ValidateAntiForgeryToken:  表示用于阻止伪造请求的特性

AllowAnonymous:表示一个特性,该特性用于标记在授权期间要跳过System.Web.Mvc.AuthorizeAttribute 的控制器和操作

Authorize:

Route:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;


namespace WebApplication1.Controllers
{
    [Route("About")]
    [Route("[controller]")]
    [Route("[controller]/[action]")]
    [Route("v2/[controller]/[action]")]
    public class AboutController 
    {
        [Route("")]
        public string Me()
        {
            return "Dave";
        }
        [Route("company")]
        [Route("[action]")]
        public string Company()
        {
            return "No Company";
        }
    }
}

 ModelState.AddModelError("", "验证码不正确。");

 <div class="float-right">@Html.ValidationSummary()</div>