asp.net mvc里的Filter真的是個很好的東西.之前看教程每次看到講解Filter的地方總有模糊.今天在做測試項目的時候.管理員后台管理的時候.我在每個Action里都先驗證了一下是否登錄.結果做了7,8個Action的時候發現這樣是不是有點太累了?腦袋里馬上靈光一閃.Filter不是有個內置驗證身份的嗎?
馬上搜索,一番查找之后才發現內置的這個身份驗證是針對membership的.而我使用的是Forms驗證..
咋辦..繼續搜唄.功夫不負有心人..終於讓我給找到了.經過測試,使用很不錯.
7,8個action里的if (!Request.IsAuthenticated)終於可以變成一句了..這樣我就可以更安心的寫Action了.
不說了.貼代碼.
先是自定義的 Filter:
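using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using System.Web.Routing;

namespace cml.web.Filters
{
    /// <summary>
    /// Role check: lets the action run only for an authenticated Forms user whose
    /// ticket carries one of the roles listed in <see cref="Role"/>.
    /// </summary>
    /// <remarks>
    /// This is an action filter, so it runs after any authorization filters, and it
    /// is not re-run for a response served from the output cache. Do not combine it
    /// with [OutputCache] on protected actions; an attribute derived from
    /// AuthorizeAttribute is the safer base for access checks.
    /// </remarks>
    public class VaildateLoginRoleAttribute : ActionFilterAttribute
    {
        /// <summary>
        /// Comma-separated list of role names that may call the action.
        /// </summary>
        public string Role { get; set; }

        /// <summary>
        /// Sends anonymous callers to the Forms login page and callers without an
        /// allowed role to Manage/AdminLogin; otherwise lets the action proceed.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        /// <exception cref="InvalidOperationException">
        /// The attribute was applied without a <see cref="Role"/> value.
        /// </exception>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (string.IsNullOrEmpty(Role))
            {
                // Fail closed: a role filter with no role is a configuration error.
                throw new InvalidOperationException("沒有指定角色");
            }

            System.Security.Principal.IPrincipal user = filterContext.HttpContext.User;
            if (user == null || !user.Identity.IsAuthenticated)
            {
                // RawUrl can contain '?', '&' and '=', so it must be encoded before it
                // is placed in the login URL's query string; otherwise its parameters
                // are read as parameters of the login page. The login action should
                // still follow ReturnUrl only when it points back into this site.
                string redirectOnSuccess = filterContext.HttpContext.Request.RawUrl;
                string redirectUrl = string.Format("?ReturnUrl={0}", HttpUtility.UrlEncode(redirectOnSuccess));
                string loginUrl = FormsAuthentication.LoginUrl + redirectUrl;

                // Setting Result short-circuits the action without the thread abort
                // that Response.Redirect(url, true) causes.
                filterContext.Result = new RedirectResult(loginUrl);
                return;
            }

            // Read the identity from the filter context (not HttpContext.Current) and
            // treat a non-Forms identity as unauthorized instead of failing the cast.
            FormsIdentity id = user.Identity as FormsIdentity;

            // NOTE(review): assumes the login code stores exactly one role name in
            // UserData - confirm. The value is only trustworthy while the Forms
            // ticket is both encrypted and validated (forms protection setting "All").
            string roles = (id != null && id.Ticket != null) ? id.Ticket.UserData : null;

            bool isAuthorized = false;
            if (!string.IsNullOrEmpty(roles))
            {
                // An empty UserData never matches, so a stray comma in Role
                // ("admin,") cannot authorize a ticket that carries no role.
                foreach (string allowed in Role.Split(','))
                {
                    if (string.Equals(allowed.Trim(), roles, StringComparison.Ordinal))
                    {
                        isAuthorized = true;
                        break;
                    }
                }
            }

            if (!isAuthorized)
            {
                filterContext.Result = new RedirectToRouteResult("Default", new RouteValueDictionary(new { controller = "Manage", action = "AdminLogin" }));
                // Alternative left disabled by the author: throw instead of redirecting.
                //throw new UnauthorizedAccessException("你沒有權限訪問該頁面");
            }
        }
    }

    // Error handling filter (disabled by the author).
    //public class ErrorAttribute : ActionFilterAttribute
    //{
    //    public override void OnActionExecuted(ActionExecutedContext filterContext) // OnActionExecuted runs after the action has executed
    //    {
    //        if (filterContext.Exception != null)
    //        {
    //            filterContext.ExceptionHandled = true;
    //            filterContext.Result = new RedirectToRouteResult("Default", new RouteValueDictionary(new { controller = "Shared", action = "Error" }));
    //        }
    //    }
    //}

    /// <summary>
    /// Login check: redirects callers that are not authenticated to Manage/AdminLogin.
    /// </summary>
    /// <remarks>
    /// As an action filter it runs after authorization filters and is not re-run for
    /// output-cached responses; avoid [OutputCache] on actions it protects. The
    /// AdminLogin action itself must stay reachable without this filter, or the
    /// redirect loops.
    /// </remarks>
    public class VaildateLogin : ActionFilterAttribute
    {
        /// <summary>
        /// Replaces the action result with a redirect to the admin login page when
        /// the current user is missing or not authenticated.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            System.Security.Principal.IPrincipal user = filterContext.HttpContext.User;
            if (user == null || !user.Identity.IsAuthenticated)
            {
                filterContext.Result = new RedirectToRouteResult("Default", new RouteValueDictionary(new { controller = "Manage", action = "AdminLogin" }));
            }
        }
    }
}

// The filters are done; now use them in a controller.
// Fragment from the post: this action belongs inside a controller class
// (presumably the one that also holds AdminLogin - confirm).

[VaildateLogin] // applies the filter; remember to add a using for the filter namespace
public ActionResult AddAdmin()
{
    // The hand-written check that the attribute replaces:
    //if (!Request.IsAuthenticated)
    //{
    //    return RedirectToAction("AdminLogin");
    //}
    //else
    //{
    cml.BLL.Admin bll = new cml.BLL.Admin();
    ViewData["list_model"] = bll.GetAdminList("", 1);
    return View();
    //}
}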
怎么樣.很方便吧.如果是整個Controller下都需要身份驗證的話..那就把這個Filter放到最外層的Controller上..這樣就不用在每個Action上都寫了,以后新增的Action也不會漏掉驗證.(注意:登錄頁本身的Action,例如這里的AdminLogin,不能被這個Filter攔住,否則會不停地重定向.)
完工..希望多點人來學習asp.net mvc..要不然教程太少了.好東西也太少了.