mvc 3.0 自定义 AuthorizeAttribute 权限管理
来源:互联网 发布:欧洲圣母 知乎 编辑:程序博客网 时间:2024/05/17 02:51
本文件要实现的是两个权限模块
1:后台管理员权限模块
2:前台用户权限模块
文件结构如下:
//后台管理员的AdminAuthorize.cs using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.Mvc;using System.Web.Security;namespace WebMvc.Areas.Manager{ public class AdminAuthorize :AuthorizeAttribute { //public override void OnAuthorization(AuthorizationContext filterContext) //{ // base.OnAuthorization(filterContext); //} protected override bool AuthorizeCore(HttpContextBase httpContext) { if (httpContext == null) return false; if (httpContext.User.Identity.IsAuthenticated) { string strARoleName; if (null == httpContext.Session["aRoleName"]) { FormsIdentity formId = (FormsIdentity)httpContext.User.Identity; FormsAuthenticationTicket Ticket = formId.Ticket; strARoleName = Ticket.UserData; httpContext.Session["aRoleName"] = Ticket.UserData; } else strARoleName = httpContext.Session["aRoleName"].ToString(); if (strARoleName == Roles) return true; } return false; } }}登录代码: [HttpPost] public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { string strPass = UtilityLib.Utility.MD5(model.Password); var adn = woladb.TB_Admin.FirstOrDefault(p => p.Account == model.UserName && p.Pass == strPass); if (adn != null) { string strUserDate = "admin"; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, adn.Account, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout), false, strUserDate); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); Response.Cookies.Add(cookie); return RedirectToAction("Index", "Home"); } else ModelState.AddModelError("", "提供的用户名或密码不正确。"); } return View(model); } //退出 public ActionResult LogOff() { FormsAuthentication.SignOut(); if (null != Session["aRoleName"]) Session["aRoleName"] = null; return RedirectToAction("LogOn", "Account"); }//前台用户UserAuthorize.csusing System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.Mvc;using System.Web.Security;namespace WebMvc.Areas.User{ public class UserAuthorize : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (filterContext.HttpContext.Response.StatusCode == 403) { filterContext.Result = new RedirectResult("/User/Login/"); } } protected override bool AuthorizeCore(HttpContextBase httpContext) { if (httpContext == null) throw new ArgumentNullException("httpContext"); if (httpContext.User.Identity.IsAuthenticated) { string strURoleName; if (null == httpContext.Session["uRoleName"]) { FormsIdentity formId = (FormsIdentity)httpContext.User.Identity; FormsAuthenticationTicket Ticket = formId.Ticket; strURoleName = Ticket.UserData; httpContext.Session["uRoleName"] = Ticket.UserData; } else strURoleName = httpContext.Session["uRoleName"].ToString(); if (strURoleName == Roles) return true; } httpContext.Response.StatusCode = 403; return false; } }}登录代码: [HttpPost] public ActionResult Index(Login login) { if (login.UserName == "user" && login.Password == "pass") { FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, login.UserName, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout), false, "user"); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); Response.Cookies.Add(cookie); return RedirectToAction("Index", "Home"); } else return View(login); }public ActionResult Logoff() { FormsAuthentication.SignOut(); if (null != Session["uRoleName"]) Session["uRoleName"] = null; return RedirectToAction("", "Login"); }
这样就可以了,哈哈,别喷啊
- mvc 3.0 自定义 AuthorizeAttribute 权限管理
- MVC自定义AuthorizeAttribute管理页面浏览权限
- MVC 自定义AuthorizeAttribute实现权限管理
- c# mvc 自定义AuthorizeAttribute
- MVC用户权限管理AuthorizeAttribute
- 自定义AuthorizeAttribute
- MVC 基于 AuthorizeAttribute 实现的登陆权限控制
- MVC特性认证 AuthorizeAttribute 类
- MVC特性认证 AuthorizeAttribute 类
- MVC中使用AuthorizeAttribute身份验证
- 解决自定义AuthorizeAttribute实现授权管理,AllowAnonymous属性失效导致无法匿名访问控制器的问题
- AuthorizeAttribute
- MVC中使用AuthorizeAttribute做身份验证操作
- MVC中使用AuthorizeAttribute做身份验证操作
- MVC 拦截器之授权 AuthorizeAttribute
- MVC中使用AuthorizeAttribute做身份验证操作
- MVC中使用AuthorizeAttribute做身份验证操作
- 重写AuthorizeAttribute实现自己的权限验证
- MP4文件格式详解——文件类型ftyp
- Linux虚拟文件系统之文件打开(sys_open())
- 返回内部成员变量的指针
- 软件测试方法大汇总
- C语言练习之第二章
- mvc 3.0 自定义 AuthorizeAttribute 权限管理
- 缺陷管理(一)
- 齐次坐标的理解
- Hadoop Job Scheduling
- Android记住用户
- Linux虚拟文件系统之文件系统卸载(sys_umount())
- 软件测试学习网站小全
- 局域网内linux系统读取windows的共享目录
- 高斯克吕格与地理坐标相互转换算法(JS版本)