码迷,mamicode.com
首页 > 其他好文 > 详细

Authorize和AllowAnonymous

时间:2015-07-07 22:32:55      阅读:181      评论:0      收藏:0      [点我收藏+]

标签:

    [Authorize]
    public class HomeController : Controller
    {
        [AllowAnonymous]
        public ActionResult Login()
        {
            string userName = "admin";
            string password = "123456";
            //1.0 自动生成cookie
            FormsAuthentication.SetAuthCookie(userName, false);

            //2.2 手动生成cookie
            //设置ticket信息
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddMinutes(20), false, password);
            //加密
            string strTicket = FormsAuthentication.Encrypt(ticket);
            //生成cookie
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, strTicket);
            cookie.Expires = ticket.Expiration;
            Response.Cookies.Add(cookie);


            return View();
        }


        public ActionResult SignOut()
        {
            string name = ControllerContext.HttpContext.User.Identity.Name;
            var data = ((FormsIdentity)ControllerContext.HttpContext.User.Identity).Ticket.UserData;
            FormsAuthentication.SignOut();
            return View();
        }
    }

AuthorizeAttribute源码

http://www.cnblogs.com/icyJ/p/MVC_Authorize.html

public virtual void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
    {
        throw new InvalidOperationException(MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache);
    }

    bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
                             || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);

    if (skipAuthorization)
    {
        return;
    }

    if (AuthorizeCore(filterContext.HttpContext))
    {
        HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
        cachePolicy.SetProxyMaxAge(new TimeSpan(0));
        cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
    }
    else
    {
        HandleUnauthorizedRequest(filterContext);
    }
}

自己实现authentication

  public class ActionValidateAttribute:System.Web.Mvc.AuthorizeAttribute
    {
          #region 判断是否登陆和是否有权限
        /// <summary>
        /// 判断是否登陆和是否有权限
        /// </summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
        {
            //1.0 获取区域名(全部验证)
            string strArea = filterContext.RouteData.DataTokens.Keys.Contains("area") ?
                filterContext.RouteData.DataTokens["area"].ToString().ToLower() : null;

            string strController=filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower();
            string strAction=filterContext.ActionDescriptor.ActionName.ToLower();
            
            //1.1 需要验证区域的集合.根据情况而定,目前我们没有分区域,所以是全部验证          
            //1.2 判断请求路由是否包含在以上集合中           
            //2.0 判断是否包含skip特性(正常情况下登陆、登出skip)
            if(!DoesSkip<MyAuthentication.Attributes.SkipAttribute>(filterContext))
            {
                //3.0 如果不跳过判断是否登陆状态
                bool islogin = OperateContext.Current.IsLogin();
                //3.1 如果没有登陆重定向到登陆页面
                if (!islogin)
                { filterContext.Result = OperateContext.Current.Redirect("/home/login", filterContext.ActionDescriptor); }
                
                ////4.0 已经登陆了,判断是否有权限
                //bool hasPermission=OperateContext.Current.HasPermission(strArea,strController,strAction);
                ////4.1 如果没有权限,重定向到登陆页面
                //if(!hasPermission)
                //{ filterContext.Result = OperateContext.Current.Redirect("/home/login", filterContext.ActionDescriptor); }          
            }
            //base.OnAuthorization(filterContext);
        } 
        #endregion

        #region 判断是否有skip特性+DoesSkip<T>(System.Web.Mvc.AuthorizationContext filterContext)
        /// <summary>
        /// 判断是否包含指定的特性
        /// </summary>
        /// <typeparam name="T"></typeparam>
        /// <param name="filterContext"></param>
        /// <returns></returns>
        protected bool DoesSkip<T>(System.Web.Mvc.AuthorizationContext filterContext) where T : Attribute
        {
            if (!filterContext.ActionDescriptor.IsDefined(typeof(T), false) &&
                !filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(T), false))
            {
                return false;
            }
            return true;
        } 
        #endregion
    }
 public class SkipAttribute:Attribute
    {
    }

 

Authorize和AllowAnonymous

标签:

原文地址:http://www.cnblogs.com/tgdjw/p/4628569.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!