在 WebForm 时代,membership 作为系统默认的身份验证提供程序,貌似很好用,但 ASP.NET 没有开源,我们又不能百分之百地按照微软默认的商务方式去进行验证,又无力去彻底重写这个东西,所以 membership 一直是个鸡肋。但随着 ASP.NET MVC 的开源,这个东西真的派上了用场,而且比以前更加强大。
在应用程序中,身份验证和各种各样的验证一直都是系统中很重要的东西,在 ASP.NET MVC 中这些被整体打包成为过滤器,感觉其创意来源于 IIS 的管道模型。
主要有以下这几个东西:
FilterAttribute,ActionFilterAttribute,AuthorizeAttribute 可以继承重写
IActionFilter, IResultFilter, IExceptionFilter, IAuthorizationFilter 接口可以定义自己的实现
网上有个不错的关系图
刚一开始,我一直纳闷为什么系统自己的 Filter 可以传参数,
而我自己继承重写和自己实现的怎么就是不能传参。这个时候终于感受到开源的伟大,看了一些源码终于知道怎么搞了:
就是在类中定义公开的属性,例如下面实现接口的那个例子。
例如 继承重写
/// <summary>
/// Demonstration filter derived from <c>ActionFilterAttribute</c>. Each of the
/// four overrides writes a fixed marker to the response and then calls the
/// base implementation, so the rendered page shows which hooks ran.
/// </summary>
/// <remarks>
/// The digits in the markers label the method that wrote them; they are not a
/// statement about the order in which the hooks run.
/// Writing straight to the response is a tracing aid for this demo only.
/// </remarks>
public class MyActionFilter : ActionFilterAttribute
{
    /// <summary>Runs after the action method; writes the "1" marker.</summary>
    /// <param name="filterContext">Context of the action that has just executed.</param>
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        var output = filterContext.RequestContext.HttpContext.Response;
        output.Write("1执行");
        base.OnActionExecuted(filterContext);
    }

    /// <summary>Runs before the action method; writes the "2" marker.</summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var output = filterContext.RequestContext.HttpContext.Response;
        output.Write("2执行");
        base.OnActionExecuting(filterContext);
    }

    /// <summary>Runs after the action result has executed; writes the "3" marker.</summary>
    /// <param name="filterContext">Context of the result that has just executed.</param>
    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        var output = filterContext.RequestContext.HttpContext.Response;
        output.Write("3执行");
        base.OnResultExecuted(filterContext);
    }

    /// <summary>Runs before the action result executes; writes the "4" marker.</summary>
    /// <param name="filterContext">Context of the result about to execute.</param>
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        var output = filterContext.RequestContext.HttpContext.Response;
        output.Write("4执行");
        base.OnResultExecuting(filterContext);
    }
}
/// <summary>
/// Skeleton showing the four extension points of <c>AuthorizeAttribute</c>.
/// Every override defers to the base class, so this type currently behaves
/// like <c>AuthorizeAttribute</c> itself.
/// </summary>
/// <remarks>
/// When adding custom logic, combine it with the base call rather than
/// replacing it; dropping the base call also drops whatever checks the base
/// class performs for the Users/Roles configured on the attribute.
/// </remarks>
public class MyAuthorization : AuthorizeAttribute
{
    /// <summary>Decides whether the current request is authorized.</summary>
    /// <param name="httpContext">The HTTP context of the current request.</param>
    /// <returns>The base class's verdict, unchanged.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool isAuthorized = base.AuthorizeCore(httpContext);
        return isAuthorized;
    }

    /// <summary>Handles a request that failed authorization.</summary>
    /// <param name="filterContext">Authorization context of the rejected request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // No custom response yet: the base class decides what the client receives.
        base.HandleUnauthorizedRequest(filterContext);
    }

    /// <summary>Entry point called by MVC when authorization is requested.</summary>
    /// <param name="filterContext">Authorization context of the current request.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Kept as a pure pass-through so the base class's handling stays intact.
        base.OnAuthorization(filterContext);
    }

    /// <summary>Called when the caching module requests authorization.</summary>
    /// <param name="httpContext">The HTTP context of the current request.</param>
    /// <returns>The validation status computed by the base class.</returns>
    protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
    {
        HttpValidationStatus cacheStatus = base.OnCacheAuthorization(httpContext);
        return cacheStatus;
    }
}
还有实现接口自定义自己的验证方式
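/// <summary>
/// Demonstration filter that implements the four MVC filter interfaces directly
/// instead of deriving from a ready-made attribute. Each hook writes a trace
/// line to the response.
/// </summary>
/// <remarks>
/// <para>
/// A filter's "parameters" are simply its public properties: writing
/// <c>[MyFilter(Roles = "Admin")]</c> sets <see cref="Roles"/> on the instance.
/// </para>
/// <para>
/// Security notes:
/// when <see cref="Users"/> or <see cref="Roles"/> is set,
/// <see cref="OnAuthorization"/> enforces it. When neither is set the filter
/// only traces and performs NO authentication check; use <c>[Authorize]</c>
/// for that. This filter does not take part in output-cache validation, so do
/// not combine it with output caching on protected actions.
/// </para>
/// </remarks>
public class MyFilter : FilterAttribute, IActionFilter, IResultFilter, IExceptionFilter, IAuthorizationFilter
{
    private string _roles;
    private string[] _rolesSplit = new string[0];
    private string _users;
    private string[] _usersSplit = new string[0];

    /// <summary>
    /// Comma-separated list of roles allowed to run the action.
    /// Never returns null; an unset value reads as the empty string.
    /// </summary>
    public string Roles
    {
        get
        {
            return _roles ?? String.Empty;
        }
        set
        {
            _roles = value;
            // Parse once here so OnAuthorization can actually enforce the list.
            _rolesSplit = SplitString(value);
        }
    }

    /// <summary>
    /// Comma-separated list of user names allowed to run the action.
    /// Never returns null; an unset value reads as the empty string.
    /// </summary>
    public string Users
    {
        get
        {
            return _users ?? String.Empty;
        }
        set
        {
            _users = value;
            // Parse once here so OnAuthorization can actually enforce the list.
            _usersSplit = SplitString(value);
        }
    }

    /// <summary>
    /// Splits a comma-separated list into trimmed, non-empty entries.
    /// </summary>
    /// <param name="original">The raw list; may be null or empty.</param>
    /// <returns>The entries, or an empty array when there are none.</returns>
    private static string[] SplitString(string original)
    {
        if (String.IsNullOrEmpty(original))
        {
            return new string[0];
        }

        string[] parts = original.Split(',');
        for (int i = 0; i < parts.Length; i++)
        {
            parts[i] = parts[i].Trim();
        }

        // Drop blanks such as the one produced by a trailing comma.
        return Array.FindAll(parts, part => part.Length > 0);
    }

    #region IActionFilter members
    /// <summary>Writes a trace line after the action method has run.</summary>
    /// <param name="filterContext">Context of the action that has just executed.</param>
    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.Write(
            string.Format("Action({0})已经执行了!<br />", filterContext.ActionDescriptor.ActionName));
    }

    /// <summary>Writes a trace line before the action method runs.</summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public void OnActionExecuting(ActionExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.Write(
            string.Format("Action({0})执行之前!<br />", filterContext.ActionDescriptor.ActionName));
    }
    #endregion

    #region IResultFilter members
    /// <summary>Writes a trace line after the action result has executed.</summary>
    /// <param name="filterContext">Context of the result that has just executed.</param>
    public void OnResultExecuted(ResultExecutedContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.Write("Result已经执行了!");
    }

    /// <summary>Writes a trace line before the action result executes.</summary>
    /// <param name="filterContext">Context of the result about to execute.</param>
    public void OnResultExecuting(ResultExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.Write("Result执行之前!");
    }
    #endregion

    #region IExceptionFilter members
    /// <summary>
    /// Reports an unhandled exception on the page and marks it as handled.
    /// </summary>
    /// <param name="filterContext">Context describing the exception and the route that raised it.</param>
    /// <remarks>
    /// Echoing <c>Exception.Message</c> to the client is acceptable for a demo
    /// only: it can reveal internal details. Production code should log the
    /// exception server-side and show a generic message. Setting
    /// <c>ExceptionHandled</c> also means no later handler sees the exception.
    /// </remarks>
    public void OnException(ExceptionContext filterContext)
    {
        string controller = filterContext.RouteData.Values["controller"] as string;
        string action = filterContext.RouteData.Values["action"] as string;

        // Exception text and route values can carry request data, so every
        // dynamic part is HTML-encoded before it reaches the page.
        string report = string.Format("{0}:{1}发生异常!{2}",
            HttpUtility.HtmlEncode(controller),
            HttpUtility.HtmlEncode(action),
            HttpUtility.HtmlEncode(filterContext.Exception.Message));

        filterContext.RequestContext.HttpContext.Response.Write(report);
        filterContext.ExceptionHandled = true;
    }
    #endregion

    #region IAuthorizationFilter members
    /// <summary>
    /// Writes a trace line and, when <see cref="Users"/> or <see cref="Roles"/>
    /// is configured, rejects callers who do not satisfy the restriction.
    /// </summary>
    /// <param name="filterContext">Authorization context of the current request.</param>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        filterContext.HttpContext.Response.Write("执行authorization! 判断时候有权限。。。。<br />");

        // Nothing configured: keep the original trace-only behaviour.
        if (_usersSplit.Length == 0 && _rolesSplit.Length == 0)
        {
            return;
        }

        var user = filterContext.HttpContext.User;
        bool authenticated = user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated;

        // A configured list must match; an unconfigured list imposes no limit.
        bool userAllowed = authenticated
            && (_usersSplit.Length == 0
                || Array.Exists(_usersSplit, name =>
                    String.Equals(name, user.Identity.Name, StringComparison.OrdinalIgnoreCase)));
        bool roleAllowed = authenticated
            && (_rolesSplit.Length == 0
                || Array.Exists(_rolesSplit, role => user.IsInRole(role)));

        if (!userAllowed || !roleAllowed)
        {
            // Setting a result here stops the pipeline before the action runs.
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }
    #endregion
}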