在MVC中定義自己的權限特性。
下例中是簡單的登錄判斷,登錄信息存與Session中,如果Session中沒有登錄信息,那么就不通過。
在處理無權限的時候,判斷當前請求是否為Ajax請求,如果是Ajax請求,返回Json {state=-1,msg="請登錄"},如過不是Ajax請求那么就直接重定向到登錄頁面。
/// <summary> /// 授權特性 /// </summary> public class MyAuthorizeAttribute : AuthorizeAttribute { string errcode = null; /// <summary> /// 授權核心 /// </summary> /// <param name="httpContext"></param> /// <returns></returns> protected override bool AuthorizeCore(HttpContextBase httpContext) { var loginInfo = httpContext.Session["login"]; if (loginInfo == null) { errcode = "NotLoggedIn"; return false; } // 登錄用戶信息 UserIdentity userIdentity = new UserIdentity((AdminInfo)loginInfo); httpContext.User = new UserPrincipal(userIdentity); return true; } /// <summary> /// 處理無權限請求 /// </summary> /// <param name="filterContext"></param> protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { // 沒有登錄 if (errcode == "NotLoggedIn") { if (filterContext.HttpContext.Request.IsAjaxRequest()) { filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.OK; filterContext.Result = new JsonResult { ContentEncoding = System.Text.Encoding.UTF8, ContentType = "application/json", JsonRequestBehavior = JsonRequestBehavior.AllowGet, Data = new { state = -1, msg = "請重新登錄" }, }; } else { filterContext.Result = new RedirectResult("/Account/Login"); } } return; } }