前面有寫過關於token認證的,這裏寫一篇關於表單認證的,也有說是票據認證的,由於用到是mvc就不用繼承父類控制器,在父類控制器中做使用驗證方法了,我們是用mvc很好的東西filter過濾!
1,寫過濾器的代碼,一看就知道作用
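/// <summary>
/// Marks an action or controller as usable only by a logged-in user.
/// Actions or controllers that must stay reachable without a login (the login
/// page itself, for example) opt out with <see cref="AllowAnonymousAttribute"/>.
/// </summary>
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class AuthenAdminAttribute : ActionFilterAttribute, IAuthorizationFilter
{
    /// <summary>Page an unauthenticated request is redirected to.</summary>
    private const string LoginUrl = "/admin/home/login";

    /// <summary>
    /// Action-filter hook, intentionally empty. The login check lives in
    /// <see cref="OnAuthorization"/>, which MVC runs before any action filter,
    /// so doing it again here would only repeat the work.
    /// </summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
    }

    /// <summary>
    /// Redirects to <see cref="LoginUrl"/> unless the current user is authenticated
    /// or the target action (or its controller) carries <see cref="AllowAnonymousAttribute"/>.
    /// Honouring AllowAnonymous is what keeps the login action reachable when this
    /// filter is registered globally; without that check every request, including
    /// the request for the login page, would be redirected to the login page again.
    /// </summary>
    /// <param name="filterContext">Authorization context of the current request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        // Opt-out: the action or its whole controller asked to be left anonymous.
        ActionDescriptor action = filterContext.ActionDescriptor;
        if (action.IsDefined(typeof(AllowAnonymousAttribute), true) ||
            action.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
        {
            return;
        }

        if (!Authentication.isLogin())
        {
            filterContext.Result = new RedirectResult(LoginUrl);
        }
    }
}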
在過濾配置中添加過濾類
/// <summary>
/// Registers the filters that apply to every action of the application.
/// </summary>
public class FilterConfig
{
    /// <summary>
    /// Adds the global error handler and the login-check filter to <paramref name="filters"/>.
    /// Because the login check is registered here, every controller action is covered;
    /// the login action itself must opt out as described on <see cref="AuthenAdminAttribute"/>.
    /// </summary>
    /// <param name="filters">The application's global filter collection.</param>
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        HandleErrorAttribute errorHandler = new HandleErrorAttribute();
        filters.Add(errorHandler);

        AuthenAdminAttribute loginCheck = new AuthenAdminAttribute();
        filters.Add(loginCheck);
    }
}
同時有個驗證的幫助類,別忘記添加,當然方法裏有用的一些信息怎麼存儲,因人而異
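/// <summary>
/// Forms-authentication helper: issues the login ticket cookie and reads the
/// fields packed into the ticket's UserData ("UserName#PassWord#Rights").
/// </summary>
public class Authentication
{
    /// <summary>Separator between the fields packed into the ticket's UserData.</summary>
    private const char FieldSeparator = '#';

    /// <summary>Index of each field inside the packed UserData string.</summary>
    private const int UserNameField = 0;
    private const int PassWordField = 1;
    private const int RightsField = 2;

    /// <summary>Ticket lifetime in minutes.</summary>
    private const int TicketLifetimeMinutes = 60;

    /// <summary>
    /// Stores the login result as an encrypted forms-authentication ticket cookie.
    /// </summary>
    /// <param name="UserName">User name; also becomes the ticket's identity name.</param>
    /// <param name="PassWord">Password. It is written verbatim into the ticket (see the note in the body).</param>
    /// <param name="Rights">Rights string of the user.</param>
    /// <exception cref="ArgumentException">
    /// A field contains the <c>#</c> separator, which would shift the fields when the ticket is read back.
    /// </exception>
    public static void SetCookie(string UserName, string PassWord, string Rights)
    {
        // A '#' inside any field would be parsed as a field boundary later, so part
        // of the user name could end up being read as the Rights field. Reject it here.
        string[] fields = { UserName ?? "", PassWord ?? "", Rights ?? "" };
        for (int i = 0; i < fields.Length; i++)
        {
            if (fields[i].IndexOf(FieldSeparator) >= 0)
            {
                throw new ArgumentException("Fields must not contain '" + FieldSeparator + "'.");
            }
        }

        // NOTE(review): the password travels in the cookie for the whole session.
        // The ticket is encrypted with the machine key, but anyone who obtains the
        // key or can decrypt the cookie gets the clear-text password. Callers should
        // consider passing an empty PassWord and re-validating server-side instead.
        string userData = string.Join(FieldSeparator.ToString(), fields);

        DateTime issued = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, UserName, issued, issued.AddMinutes(TicketLifetimeMinutes), false, userData);

        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.HttpOnly = true;                          // keep client-side script from reading the ticket
        cookie.Secure = FormsAuthentication.RequireSSL;  // honour <forms requireSSL="true"/> in web.config
        HttpContext.Current.Response.Cookies.Add(cookie);
    }

    /// <summary>
    /// Whether the current request carries an authenticated identity.
    /// </summary>
    /// <returns>true when authenticated; false otherwise, including when there is no current HttpContext.</returns>
    public static bool isLogin()
    {
        HttpContext context = HttpContext.Current;
        return context != null
            && context.User != null
            && context.User.Identity != null
            && context.User.Identity.IsAuthenticated;
    }

    /// <summary>
    /// Signs the user out by removing the forms-authentication cookie.
    /// </summary>
    public static void logOut()
    {
        FormsAuthentication.SignOut();
    }

    /// <summary>
    /// User name stored in the ticket.
    /// </summary>
    /// <returns>The user name, or "" when not logged in or the field is missing.</returns>
    public static string getUserName()
    {
        return GetTicketField(UserNameField);
    }

    /// <summary>
    /// Password stored in the ticket.
    /// </summary>
    /// <returns>The password, or "" when not logged in or the field is missing.</returns>
    public static string getPassWord()
    {
        return GetTicketField(PassWordField);
    }

    /// <summary>
    /// Rights string stored in the ticket.
    /// </summary>
    /// <returns>The rights string, or "" when not logged in or the field is missing.</returns>
    public static string getRights()
    {
        return GetTicketField(RightsField);
    }

    /// <summary>
    /// Extracts one <c>#</c>-separated field from a packed UserData string.
    /// </summary>
    /// <param name="userData">The packed string, e.g. "user#pass#rights".</param>
    /// <param name="index">Zero-based field index.</param>
    /// <returns>The field, or "" when <paramref name="userData"/> is empty or has no such field.</returns>
    public static string GetUserDataField(string userData, int index)
    {
        if (string.IsNullOrEmpty(userData) || index < 0)
        {
            return "";
        }

        string[] fields = userData.Split(FieldSeparator);
        // The original code only checked Length != 0, so a short UserData threw
        // IndexOutOfRangeException for the password and rights fields.
        return index < fields.Length ? fields[index] : "";
    }

    /// <summary>
    /// Reads one field from the current user's forms ticket.
    /// </summary>
    /// <param name="index">Zero-based field index inside the ticket's UserData.</param>
    /// <returns>The field, or "" when there is no forms ticket on the current identity.</returns>
    private static string GetTicketField(int index)
    {
        if (!isLogin())
        {
            return "";
        }

        // A non-forms identity (e.g. Windows auth) is not a FormsIdentity; the
        // original hard cast would have thrown InvalidCastException here.
        FormsIdentity identity = HttpContext.Current.User.Identity as FormsIdentity;
        if (identity == null || identity.Ticket == null)
        {
            return "";
        }

        return GetUserDataField(identity.Ticket.UserData, index);
    }
}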
到這裏就結束了?還需要使用驗證的特性,這裏涉及過濾器的使用
/// <summary>
/// Example controller showing the login-check filter applied to a single action.
/// </summary>
public class HomeController : Controller
{
    /// <summary>
    /// Renders the Index view. The attribute makes the request pass through the
    /// login check first; an unauthenticated caller never reaches this body.
    /// </summary>
    /// <returns>The Index view.</returns>
    [AuthenAdminAttribute]
    public ActionResult Index()
    {
        ViewResult page = View();
        return page;
    }
}
那麼在訪問 home/Index 時就會判斷是否登陸,沒有登陸則跳轉到登錄頁
值得注意的是,用戶的一些重要信息放到了cookie裏面,雖然經過加密,但仍有可能被竊取或篡改,有必要的話,獲取到信息之後去數據庫校驗一下,或用其他辦法增加安全性
這裏說一下AuthenAdmin 的驗證範圍:
1,在Action 上,那麼對這個Action 起到作用
2,在Controller 上,那麼對這個控制器的所有Action 都起到作用
3,在全局配置文件(Global.asax)中註冊,那麼對所有的 Controller 都起到過濾作用
註冊代碼: FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
/// <summary>
/// Application start-up hook (Global.asax). The call order matters: area routes
/// are registered before the general routes so they take precedence, and the
/// global filters are in place before any request is routed.
/// </summary>
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); // applies the login-check filter to every action of the MVC project
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
順便多寫一點,如果webform 玩的很好,應該知道 Global.asax 有些方法是很實用的,比如:Application_BeginRequest , Session_End 等等,可以去查一下!
就寫到這裏吧,希望對他人有用!