前沿:
一般情况下,在我们做访问权限管理的时候,会把用户的正确登录后的基本信息保存在Session中,以后用户每次请求页面或接口数据的时候,拿到
Session中存储的用户基本信息,查看比较他有没有登录和能否访问当前页面。
Session的原理,也就是在服务器端生成一个SessionID对应了存储的用户数据,而SessionID存储在Cookie中,客户端以后每次请求都会带上这个
Cookie,服务器端根据Cookie中的SessionID找到存储在服务器端的对应当前用户的数据。
FormsAuthentication是微软提供给我们开发人员使用,做身份认证使用的。通过该认证,我们可以把用户Name 和部分用户数据存储在Cookie中,
通过基本的条件设置可以,很简单的实现基本的身份角色认证。
1.配置项
在网站根目录配置web.config
<authentication> ?????<forms name=".ASPXAUTH" loginUrl="account/index" defaultUrl="http://www.baidu.com" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="" ></forms> ???</authentication>
2.控制器代码
public class accountController : Controller ???{ ???????// GET: account ???????public ActionResult Index() ???????{ ???????????return View(); ???????} ???????[Authentication] ???????public ActionResult Demo() => View(); ???????[HttpPost] ???????[ValidateAntiForgeryToken] ???????public ActionResult Index(string username,string userpwd) ???????{ ???????????List<LoginVm> userlist = new List<LoginVm>()//模拟数据 ???????????{ ???????????????new LoginVm() { name="Zara", pwd="123456",State=1}, ???????????????new LoginVm(){name="aaaa",pwd="666666",State=0} ???????????}; ????????????????????????if (!ModelState.IsValid) ???????????{ ???????????????return View(); ???????????} ???????????bool status = Request.IsAuthenticated; ???????????LoginVm vm = userlist.FirstOrDefault(u => u.name == username && u.pwd == userpwd); ???????????JavaScriptSerializer serial = new JavaScriptSerializer(); ???????????//判断是否存在 且状态ok ???????????if (vm!=null) ???????????{ ???????????????if (vm.State==0)Content("您倍封号"); ???????????????FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket( ???????????????????1, vm.name, DateTime.Now, DateTime.Now.AddMinutes(30), false, serial.Serialize(vm)); ???????????????string encrytedTicket = FormsAuthentication.Encrypt(authTicket);//创建票据 ???????????????//响应客户端 ???????????????HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encrytedTicket); ???????????????HttpContext.Response.Cookies.Add(authCookie); ???????????} ???????????return View(); ???????} ???}3.过滤器方面
/// <summary> ???/// 该过滤器为网站提供服务 ???/// 服务内容:行为添加标记即可进行过滤.不用在每个action中进行过滤! ???/// </summary> ???public class AuthenticationAttribute: ActionFilterAttribute ???{ ???????public override void OnActionExecuting(ActionExecutingContext filterContext) ???????{ ???????????if (!filterContext.RequestContext.HttpContext.Request.IsAuthenticated) ???????????{ ???????????????if (filterContext.HttpContext.Request.IsAjaxRequest()) ???????????????{ ???????????????????filterContext.Result = new JsonResult ???????????????????{ ???????????????????????Data = new ???????????????????????{ ???????????????????????????Status = -1, ???????????????????????????Message = "登录过期,请重新登录!" ???????????????????????}, ???????????????????????JsonRequestBehavior = JsonRequestBehavior.AllowGet ???????????????????}; ???????????????} ???????????????else ???????????????{ ???????????????????FormsAuthentication.RedirectToLoginPage();//重定向会登录页 ???????????????} ???????????} ???????????else ???????????{ ???????????????var cookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName]; ???????????????//解密用户票据 ???????????????var ticket = FormsAuthentication.Decrypt(cookie.Value); ???????????????//将密文映射到实体模型 ???????????????LoginVm admin = new JavaScriptSerializer().Deserialize<LoginVm>(ticket.UserData); ???????????????//将数据放到ViewData里 方面页面使用 ???????????????filterContext.Controller.ViewData["username"] = admin.name; ???????????????filterContext.Controller.ViewData["userpwd"] = admin.pwd; ???????????} ???????????//Don‘t forget this one ???????????base.OnActionExecuting(filterContext); ???????} ???}我们可以在aciton行为中添加需要登录的视图,这样封装一起就不用一个一个在控制器搞了...
说一说MVC的Authentication过滤(四)
原文地址:https://www.cnblogs.com/iWaitYou/p/9541958.html