本文實例環境及版本.NetCore3.1
實現系統登錄驗證方式個人總結如下:
1、自定義行為過濾器
2、自定義身份驗證過濾器
3、新建BaseController在OnActionExecuting中實現
一、自定義行為過濾器在OnActionExecuting中實現
1、新建SystemAuthorizeFilter過濾器繼承自 IActionFilter
/// <summary> /// 自定義行為過濾器,實現登錄及權限的驗證 /// </summary> public class SystemAuthorizeFilter : IActionFilter { public void OnActionExecuted(ActionExecutedContext context) { //throw new NotImplementedException(); } /// <summary> /// 在執行控制器中的Action方法之前執行該方法 判斷當前用戶是否登錄 /// </summary> /// <param name="context"></param> public void OnActionExecuting(ActionExecutingContext context) {
//排除可以匿名訪問的 未登錄時 if (HasAllow(context) == false && context.HttpContext.Session.GetString("User") == null) { bool isAjax = IsAjax(context.HttpContext.Request); //如果是Ajax請求自定義返回json if (isAjax) { context.Result = new JsonResult(new { Code = 401, Msg = "登錄已失效,請重新登錄2!" }) { StatusCode=StatusCodes.Status401Unauthorized }; } else { ContentResult Content = new ContentResult(); Content.Content = "<script type='text/javascript'>alert('登錄已失效,請重新登錄!'); top.location.href='/Login/Login';</script>"; Content.ContentType = "text/html;charset=utf-8"; context.Result = Content; } } } /// <summary> /// 排除掉控制器不需要鑒權 即加[AllowAnonymous]特性的無需鑒權 /// </summary> /// <param name="context"></param> /// <returns></returns> public static bool HasAllow(ActionExecutingContext context) { var filters = context.Filters; if (filters.OfType<IAllowAnonymousFilter>().Any()) { return true; } var endpoint = context.HttpContext.GetEndpoint(); return endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null; } /// <summary> /// 判斷是否是Ajax請求 /// </summary> /// <param name="req"></param> /// <returns></returns> public static bool IsAjax(HttpRequest req) { bool result = false; var xreq = req.Headers.ContainsKey("x-requested-with"); if (xreq) { result = req.Headers["x-requested-with"] == "XMLHttpRequest"; } return result; } }
2、在Startup的ConfigureServices中添加
//配置系統過濾器 services.AddControllersWithViews().AddMvcOptions(options => { //自定義行為過濾器的方式,驗證是否登錄及用戶權限 options.Filters.Add<SystemAuthorizeFilter>(); }).AddNewtonsoftJson(options=> { //全局日期格式化 options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss"; //返回的Json大小寫原樣輸出 options.SerializerSettings.ContractResolver = new DefaultContractResolver(); });
3、在登錄控制器如:LoginController.cs 或不需要鑒權的控制器或方法上添加 [AllowAnonymous] 特性即可。
4、在頁面上Ajax請求中加入判斷如果返回的為401時給予提示並跳轉至登錄頁面
$.ajax({ type: "POST", data: "", async: false, dataType: "json", url: "", beforeSend: function () { }, success: function (data) { if (data.Code != null && data.Code != "undefined" && data.Code == 401) {
alert('登錄已失效,請重新登錄!'); top.location.href='/Login/Login';
}
console.log(data);
},
complete: function () { },
error: function (data) { }
});
二、自定義身份驗證過濾器
新建CustomAuthorizeFilter過濾器繼承自 IAuthorizationFilter
/// <summary> /// 自定義身份驗證過濾器,實現登錄及權限的驗證 /// </summary> public class CustomAuthorizeFilter : IAuthorizationFilter { public void OnAuthorization(AuthorizationFilterContext context) { //如果需要授權 但未登錄 if (HasAllowAnonymous(context) == false && context.HttpContext.Session.GetString("User") == null) { bool isAjax = IsAjax(context.HttpContext.Request); //如果是Ajax請求自定義返回json if (isAjax) { context.Result = new JsonResult(new { Code = 401, Msg = "登錄已失效,請重新登錄2!" }) { StatusCode = StatusCodes.Status401Unauthorized }; } else { ContentResult Content = new ContentResult(); Content.Content = "<script type='text/javascript'> alert('登錄已失效,請重新登錄!'); top.location.href='/Login/Login'; </script>"; Content.ContentType = "text/html;charset=utf-8"; context.Result = Content; } } } /// <summary> /// 排除掉控制器不需要鑒權的 /// </summary> /// <param name="context"></param> /// <returns></returns> private static bool HasAllowAnonymous(AuthorizationFilterContext context) { var filters = context.Filters; if (filters.OfType<IAllowAnonymousFilter>().Any()) { return true; } var endpoint = context.HttpContext.GetEndpoint(); return endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null; } /// <summary> /// 判斷是否是Ajax請求 /// </summary> /// <param name="req"></param> /// <returns></returns> public static bool IsAjax(HttpRequest req) { bool result = false; var xreq = req.Headers.ContainsKey("x-requested-with"); if (xreq) { result = req.Headers["x-requested-with"] == "XMLHttpRequest"; } return result; } }
使用方式同上,不需要鑒權的控制器或方法上添加 [AllowAnonymous] 特性即可。
三、新建BaseController在OnActionExecuting中實現
在BaseController中重寫OnActionExecuting方法
/// <summary> /// 在執行控制器中的Action方法之前執行該方法 判斷當前用戶是否登錄 /// </summary> /// <param name="context"></param> public override void OnActionExecuting(ActionExecutingContext context) { if (context.HttpContext.Session.GetString("User")==null) { //context.Result = Redirect("/Login/Login"); ContentResult Content = new ContentResult(); Content.Content= "<script type='text/javascript'>alert('登錄已失效,請重新登錄!');top.location.href='/Login/Login'</script>"; Content.ContentType = "text/html;charset=utf-8"; context.Result = Content; return; } }
其他的修改可參考上面兩種做補充,在需要鑒權的控制器上集成該BaseController即可。
才疏學淺,相關文檔等僅供自我總結,如有相關問題可留言交流謝謝。