首先,添加一个类AuthenticationAttribute,该类继承AuthorizeAttribute,如下:
using System.Web;
using System.Web.Mvc;
namespace Zhong.Web
{
public class AuthenticationAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
//base.OnAuthorization(filterContext);
//如果控制器没有加AllowAnonymous特性或者Action没有加AllowAnonymous特性才检查
if (!filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute),true) && !filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute),true))
{
//此处写判断是否登录的逻辑代码
//这里使用cookie来判断是否登录,为了简单说明特性的使用方式,cookie记录的是用户名和明文密码(实际当中需要经过诸如加密等处理)
HttpCookie cookie = filterContext.HttpContext.Request.Cookies["Member"];
if (!(cookie!=null && cookie.Values["name"] == "test" && cookie.Values["pass"] == "123"))
{
filterContext.Result = new RedirectResult("/Member/Login");
}
}
}
}
}
在MemberControll中加上特性Authentication,Member控制器下有三个Action方法,一个是首页Index,一个是登录页Login,一个是处理Post方式的登录页Login,Index对应的视图代码如下:
@{
ViewBag.Title = "Index";
}
<h2>这是会员中心</h2>
Login对应的视图代码如下:
@{
ViewBag.Title = "Login";
}
<h2>会员登录</h2>
@using (Html.BeginForm())
{
<label>用户名:</label><input type="text" name="name" /><br />
<label>密码:</label><input type="password" name="password" /><br />
<input type="submit" value="登录" />
}
当没有登录直接访问Member/Index时,会跳转到Login。当输入正确的用户名密码登录时,会跳转到Index页面。
完整的MemberController代码如下:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace Zhong.Web.Controllers
{
[Authentication]
public class MemberController : Controller
{
// GET: Member
public ActionResult Index()
{
return View();
}
[AllowAnonymous]
public ActionResult Login()
{
return View();
}
[AllowAnonymous]
[HttpPost]
public ActionResult Login(string name,string password)
{
//这里为了简单演示一下登录的判断,主要是验证AuthenticationAttribute的作用,实际的运用中可能要查询数据库、
//密码判断需要加密处理等
if (name == "test" && password == "123")
{
HttpCookie cookie = new HttpCookie("Member");
cookie.Values["name"] = "test";
cookie.Values["pass"] = "123";
Response.Cookies.Add(cookie);
return RedirectToAction("Index");
}
return View();
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace Zhong.Web.Controllers
{
[Authentication]
public class MemberController : Controller
{
// GET: Member
public ActionResult Index()
{
return View();
}
[AllowAnonymous]
public ActionResult Login()
{
return View();
}
[AllowAnonymous]
[HttpPost]
public ActionResult Login(string name,string password)
{
//这里为了简单演示一下登录的判断,主要是验证AuthenticationAttribute的作用,实际的运用中可能要查询数据库、
//密码判断需要加密处理等
if (name == "test" && password == "123")
{
HttpCookie cookie = new HttpCookie("Member");
cookie.Values["name"] = "test";
cookie.Values["pass"] = "123";
Response.Cookies.Add(cookie);
return RedirectToAction("Index");
}
return View();
}
}
}
特别说明:由于控制器使用了Authentication特性,所以请求其下的所有Action都要先通过授权/登录 验证,Login是登录页面,访问这个页面一般是没有登录的状态,所以需要允许匿名访问,于是加了[AllowAnonymous]
上面的AuthorizationAttribute的另一种写法是继承FilterAttribute 并实现接口IAuthorizationFilter,方式与系统的AuthorizeAttribute类似,
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace Zhong.Web
{
public class TestAttribute : FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
//throw new NotImplementedException();
//TODO: 此处写需要实现登录验证的代码
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace Zhong.Web
{
public class TestAttribute : FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
//throw new NotImplementedException();
//TODO: 此处写需要实现登录验证的代码
}
}
}