代碼順序為:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest
如果AuthorizeCore返回false時,才會走HandleUnauthorizedRequest 方法,並且Request.StausCode會返回401,401錯誤又對應了Web.config中的:
<authentication mode="Forms"> <forms loginUrl="~/" timeout="2880" /> </authentication>
所有,AuthorizeCore==false 時,會跳轉到 web.config 中定義的 loginUrl="~/"
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class CheckLoginAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { bool Pass = false; if (!CheckLogin.AdminLoginCheck()) { httpContext.Response.StatusCode = 401;//無權限狀態碼 Pass = false; } else { Pass = true; } return Pass; }
protected override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
} protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { base.HandleUnauthorizedRequest(filterContext); if (filterContext.HttpContext.Response.StatusCode == 401) { filterContext.Result = new RedirectResult("/"); } }
}
AuthorizeAttribute的OnAuthorization方法內部調用了AuthorizeCore方法,這個方法是實現驗證和授權邏輯的地方,如果這個方法返回true,表示授權成功,如果返回false, 表示授權失敗, 會給上下文設置一個HttpUnauthorizedResult,這個ActionResult執行的結果是向瀏覽器返回一個401狀態碼(未授權),但是返回狀態碼沒什么意思,通常是跳轉到一個登錄頁面,可以重寫AuthorizeAttribute的HandleUnauthorizedRequest
protected override void HandleUnauthorizedRequest(AuthorizationContext context) { if (context == null) { throw new ArgumentNullException("filterContext"); } else { string path = context.HttpContext.Request.Path; string strUrl = "/Account/LogOn?returnUrl={0}"; context.HttpContext.Response.Redirect(string.Format(strUrl, HttpUtility.UrlEncode(path)), true); } }