标签:abstract not desc 用户 pass encrypt www 还需 exp
承接上篇,这里主要介绍如何实现cookie验证登录以及简单的BaseRepository编写。废话不多说,下面进入主题。
一、cookie验证登录
1、startup的ConfigurationServices方法加上如下代码:
同样startup的Configure方法加上如下代码:
2、继承AuthorizeAttribute标签并实现IAuthorizationFilter接口,代码如下:
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Abstractions; using Microsoft.AspNetCore.Mvc.Filters; using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; namespace Ye.BoardMessage.WebApp.Models { /// <summary> /// 跳过检查属性 /// </summary> [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)] public sealed class SkipUserAuthorizeAttribute : Attribute, IFilterMetadata { } [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)] public class UserAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter { public UserAuthorizeAttribute() { this.AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme; } public virtual void OnAuthorization(AuthorizationFilterContext filterContext) { var authenticate = filterContext.HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme); if (authenticate.Result.Succeeded || this.SkipUserAuthorize(filterContext.ActionDescriptor)) { return; } HttpRequest httpRequest = filterContext.HttpContext.Request; string url = "/Account/Login"; url = string.Concat(url, "?returnUrl=", httpRequest.Path); RedirectResult redirectResult = new RedirectResult(url); filterContext.Result = redirectResult; return; } protected virtual bool SkipUserAuthorize(ActionDescriptor actionDescriptor) { bool skipAuthorize = actionDescriptor.FilterDescriptors.Where(a => a.Filter is SkipUserAuthorizeAttribute).Any(); if (skipAuthorize) { return true; } return false; } } }
3、验证,代码如下:
[HttpPost] [ValidateAntiForgeryToken] public async Task<IActionResult> Login(string email, string password) { password = MD5Encrypted(password); var serviceResponse = service.Login(email, password); if (!serviceResponse.IsSuccess) { return Content("用户名或者密码错误“); } var claims = new List<Claim> { new Claim(ClaimTypes.Name, serviceResponse.Result.Email), new Claim("FullName", serviceResponse.Result.FullName), new Claim(ClaimTypes.Role, "Administrator"), }; var claimsIdentity = new ClaimsIdentity( claims, CookieAuthenticationDefaults.AuthenticationScheme); await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity)); return LocalRedirect(Request.Query["ReturnUrl"].ToString() ?? "/"); }
4、退出,代码如下:
[Models.UserAuthorize] [HttpGet] public async Task<IActionResult> Logout() { await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); return LocalRedirect("/Account/Login"); }
说明:以上代码的实现参考了 《这个大神的博客》
二、BaseRepository实现
封装了基本的增删改查方法,可以与其他仓储共用。此外,有个比较大的缺陷,没有实现事务方面的UnitOfWork,对这个感兴趣的看官可以自行实现,亦可以参考ABP的EF实现,这里有部分代码也是参考ABP的实现的。好了,废话不多说,上代码:
接口:
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.ChangeTracking; using System; using System.Collections.Generic; using System.Linq; using System.Linq.Expressions; using System.Text; using System.Threading.Tasks; namespace Ye.BoardMessage.Entity.IRepositories { public interface IBaseRepository<TEntity,TKey> where TEntity : class,new() { bool Insert(TEntity entity); Task<EntityEntry<TEntity>> InsertAsync(TEntity entity); TEntity Update(TEntity entity); Task<TEntity> UpdateAsync(TEntity entity); void Delete(TEntity entity); void Delete(IEnumerable<TEntity> entities); TEntity First(); Task<TEntity> FirstAsync(); TEntity First(Expression<Func<TEntity, bool>> where); Task<TEntity> FirstAsync(Expression<Func<TEntity, bool>> where); IQueryable<TEntity> Query(); IQueryable<TEntity> Query(Expression<Func<TEntity,bool>> where); DbContext DbContext { get; } int SaveChanged(); } }
实现:
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.ChangeTracking; using System; using System.Collections.Generic; using System.Linq.Expressions; using System.Text; using System.Threading.Tasks; using Ye.BoardMessage.Entity.IRepositories; using System.Linq; namespace Ye.BoardMessage.Repository { public class BaseRepository<TEntity, TKey> : IBaseRepository<TEntity, TKey> where TEntity : class, new() { private DbContext _context; protected BaseRepository(DbContext context) { this._context = context; } public bool Insert(TEntity entity) { if (null == entity) return false; Table.Add(entity); return true; } public Task<EntityEntry<TEntity>> InsertAsync(TEntity entity) { return Table.AddAsync(entity); } public TEntity Update(TEntity entity) { AttachIfNot(entity); _context.Entry(entity).State = EntityState.Modified; return entity; } public Task<TEntity> UpdateAsync(TEntity entity) { return Task.FromResult(Update(entity)); } public void Delete(TEntity entity) { AttachIfNot(entity); Table.Remove(entity); } public void Delete(IEnumerable<TEntity> entities) { foreach (TEntity item in entities) Delete(item); } public TEntity First() { return Table.First(); } public Task<TEntity> FirstAsync() { return Table.FirstAsync(); } public TEntity First(Expression<Func<TEntity, bool>> where) { if (null == where) return null; return Table.First(where); } public Task<TEntity> FirstAsync(Expression<Func<TEntity, bool>> where) { if (null == where) return null; return Table.FirstAsync(where); } public DbContext DbContext => _context; public DbSet<TEntity> Table { get { return _context.Set<TEntity>(); } } public IQueryable<TEntity> Query() { return Table.AsQueryable<TEntity>(); } public IQueryable<TEntity> Query(Expression<Func<TEntity, bool>> where) { if (null != where) return Table.Where(where); else return Query(); } protected virtual void AttachIfNot(TEntity entity) { if (!Table.Local.Contains(entity)) { Table.Attach(entity); } } public int SaveChanged() { return _context.SaveChanges(); } } }
三、总结
EFCore的使用与EntityFramework并无多大区别;asp.net core 安全方面集成的东西很多,光是官方文档就占据了上十个篇幅来介绍,在这方面还需要下苦工来研究,可谓 ”路漫漫其修远兮“ 。这里稍微提下,前端模板是使用开源的前端模板《SB-admin》,一款bootstrap风格的模板。下面上几个图片看看效果。
1、登录
2、首页
3、列表页面
至此,这个系列已经基本完毕,下篇将简单介绍下如何安装以及使用(网上参考资料太多,本人主要是整理下本人觉得有用的博文)。
asp.net core2.1+EFCore + MVC开发留言管理项目实战(二)
标签:abstract not desc 用户 pass encrypt www 还需 exp
原文地址:https://www.cnblogs.com/wind-ye/p/9739201.html
