mvc 3.0 自定义 AuthorizeAttribute 权限管理


本文件要实现的是两个权限模块

1:后台管理员权限模块

2:前台用户权限模块


文件结构如下:



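// Back-office administrator filter: AdminAuthorize.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

namespace WebMvc.Areas.Manager
{
    /// <summary>
    /// Authorization filter for the administrator area. A request passes only when it
    /// carries a forms-authentication ticket whose UserData equals <see cref="AuthorizeAttribute.Roles"/>.
    /// </summary>
    public class AdminAuthorize : AuthorizeAttribute
    {
        /// <summary>
        /// Decides whether the current request may reach the decorated action.
        /// </summary>
        /// <param name="httpContext">Context of the current request; null is treated as "deny".</param>
        /// <returns>True when the ticket's role string matches Roles exactly, otherwise false.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                return false;
            }

            var principal = httpContext.User;
            if (principal == null || !principal.Identity.IsAuthenticated)
            {
                return false;
            }

            // A non-forms identity carries no ticket; deny instead of failing on a hard cast.
            FormsIdentity formsIdentity = principal.Identity as FormsIdentity;
            if (formsIdentity == null)
            {
                return false;
            }

            // The role is read from the ticket on every request rather than cached in Session.
            // A cached copy can disagree with the current ticket (for instance after signing in
            // again under another account without logging off), and Session may be unavailable.
            string ticketRole = formsIdentity.Ticket.UserData;

            // Roles is compared as one exact, case-sensitive string, so a comma-separated
            // list in [AdminAuthorize(Roles = "...")] will not match a single role.
            return string.Equals(ticketRole, Roles, StringComparison.Ordinal);
        }
    }
}

// Login code (actions of the administrator account controller):
        /// <summary>
        /// Checks the posted administrator credentials and, on success, issues a
        /// forms-authentication ticket whose UserData carries the role "admin".
        /// </summary>
        /// <param name="model">Posted user name and password.</param>
        /// <param name="returnUrl">
        /// Accepted but not used: the action always redirects to Home/Index. If it is ever used
        /// for the redirect, validate it first (for example with Url.IsLocalUrl).
        /// </param>
        [HttpPost]
        public ActionResult LogOn(LogOnModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                // NOTE(review): UtilityLib.Utility.MD5 is not shown here. If it is a plain,
                // unsalted MD5 digest, it is not suitable for password storage; move to a
                // salted, iterated derivation such as Rfc2898DeriveBytes (PBKDF2) and
                // re-hash existing accounts at their next successful login.
                string strPass = UtilityLib.Utility.MD5(model.Password);
                var adn = woladb.TB_Admin.FirstOrDefault(p => p.Account == model.UserName && p.Pass == strPass);
                if (adn != null)
                {
                    DateTime issuedAt = DateTime.Now;
                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                        1,
                        adn.Account,
                        issuedAt,
                        issuedAt.Add(FormsAuthentication.Timeout),
                        false,
                        "admin");

                    // Apply the same cookie attributes FormsAuthentication.SetAuthCookie would:
                    // a hand-built HttpCookie is otherwise readable from script and ignores
                    // the requireSSL / path / domain settings of the <forms> element.
                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                    cookie.HttpOnly = true;
                    cookie.Secure = FormsAuthentication.RequireSSL;
                    cookie.Path = FormsAuthentication.FormsCookiePath;
                    if (FormsAuthentication.CookieDomain != null)
                    {
                        cookie.Domain = FormsAuthentication.CookieDomain;
                    }

                    Response.Cookies.Add(cookie);
                    return RedirectToAction("Index", "Home");
                }

                ModelState.AddModelError("", "提供的用户名或密码不正确。");
            }

            return View(model);
        }

        /// <summary>
        /// Logs the administrator out: removes the forms-authentication cookie and any
        /// role value left in Session, then returns to the login page.
        /// </summary>
        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();

            // The filter does not read this key; it is removed so no role value lingers in Session.
            if (null != Session["aRoleName"])
            {
                Session.Remove("aRoleName");
            }

            return RedirectToAction("LogOn", "Account");
        }

// Front-end user filter: UserAuthorize.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

namespace WebMvc.Areas.User
{
    /// <summary>
    /// Authorization filter for the front-end user area. A request passes only when it
    /// carries a forms-authentication ticket whose UserData equals <see cref="AuthorizeAttribute.Roles"/>;
    /// any other request is redirected to the user login page.
    /// </summary>
    public class UserAuthorize : AuthorizeAttribute
    {
        /// <summary>
        /// Sends a rejected request to the user login page.
        /// </summary>
        /// <param name="filterContext">Context whose Result is replaced by the redirect.</param>
        /// <remarks>
        /// The redirect lives here rather than behind a 403 status code written by AuthorizeCore:
        /// AuthorizeCore is also run by the base class when it validates a cached response, so it
        /// should only answer yes or no and leave the response untouched.
        /// </remarks>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new RedirectResult("/User/Login/");
        }

        /// <summary>
        /// Decides whether the current request may reach the decorated action.
        /// </summary>
        /// <param name="httpContext">Context of the current request.</param>
        /// <returns>True when the ticket's role string matches Roles exactly, otherwise false.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            var principal = httpContext.User;
            if (principal == null || !principal.Identity.IsAuthenticated)
            {
                return false;
            }

            // A non-forms identity carries no ticket; deny instead of failing on a hard cast.
            FormsIdentity formsIdentity = principal.Identity as FormsIdentity;
            if (formsIdentity == null)
            {
                return false;
            }

            // Read the role from the ticket itself on every request; a copy cached in Session
            // can disagree with the ticket that is actually presented.
            string ticketRole = formsIdentity.Ticket.UserData;

            // Exact, case-sensitive match against the whole Roles string.
            return string.Equals(ticketRole, Roles, StringComparison.Ordinal);
        }
    }
}

// Login code (actions of the front-end login controller):
        /// <summary>
        /// Checks the posted credentials and, on success, issues a forms-authentication
        /// ticket whose UserData carries the role "user".
        /// </summary>
        /// <param name="login">Posted user name and password.</param>
        [HttpPost]
        public ActionResult Index(Login login)
        {
            // NOTE(review): the credentials are hard-coded sample values. Replace this check
            // with a lookup against the user store (and hashed passwords) before real use.
            if (login.UserName == "user" && login.Password == "pass")
            {
                DateTime issuedAt = DateTime.Now;
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    login.UserName,
                    issuedAt,
                    issuedAt.Add(FormsAuthentication.Timeout),
                    false,
                    "user");

                // Same cookie attributes FormsAuthentication.SetAuthCookie would apply.
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                cookie.HttpOnly = true;
                cookie.Secure = FormsAuthentication.RequireSSL;
                cookie.Path = FormsAuthentication.FormsCookiePath;
                if (FormsAuthentication.CookieDomain != null)
                {
                    cookie.Domain = FormsAuthentication.CookieDomain;
                }

                Response.Cookies.Add(cookie);
                return RedirectToAction("Index", "Home");
            }

            return View(login);
        }

        /// <summary>
        /// Logs the user out: removes the forms-authentication cookie and any role value
        /// left in Session, then returns to the login controller.
        /// </summary>
        public ActionResult Logoff()
        {
            FormsAuthentication.SignOut();

            // The filter does not read this key; it is removed so no role value lingers in Session.
            if (null != Session["uRoleName"])
            {
                Session.Remove("uRoleName");
            }

            return RedirectToAction("", "Login");
        }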

这样就可以了,哈哈,别喷啊
