Web用户的身份验证及WebApi权限验证流程的设计和实现(续)
2024-10-19 13:33:55
4.4 权限属性RequireAuthorizeAttribute
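/// <summary>
/// Authorization filter. After the framework's own AuthorizeAttribute check it verifies that
/// the authenticated user's permission list (AuthorizedUser.Current.UserAuthList) contains an
/// entry for the requested controller/action, and re-issues the forms-authentication cookie
/// from the user's login ticket. Every denial is expressed by assigning
/// <c>filterContext.Result</c>, which is what makes MVC skip the action: a plain
/// <c>Response.Redirect(url, false)</c> only writes headers and lets the protected action run,
/// and <c>Response.Redirect(url, true)</c> ends the request by aborting the thread.
/// </summary>
public class RequireAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// The current user's permission list, read from AuthorizedUser.Current on every access.
    /// </summary>
    public UserAuthModel[] UserAuthList
    {
        get { return AuthorizedUser.Current.UserAuthList; }
    }

    /// <summary>
    /// The current user's login ticket, read from AuthorizedUser.Current on every access.
    /// </summary>
    public string UserLoginTicket
    {
        get { return AuthorizedUser.Current.UserLoginTicket; }
    }

    /// <summary>
    /// Runs the base authorization and then the permission-list check.
    /// </summary>
    /// <param name="filterContext">The authorization context supplied by MVC.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new System.ArgumentNullException("filterContext");
        }

        base.OnAuthorization(filterContext);

        var httpContext = filterContext.HttpContext;
        var identity = httpContext.User == null ? null : httpContext.User.Identity;

        if (identity != null && identity.IsAuthenticated)
        {
            var actionName = filterContext.ActionDescriptor.ActionName;
            var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

            // Logged in, but the permission list has no entry for this controller/action.
            if (!HasActionQulification(actionName, controllerName, identity.Name))
            {
                filterContext.Result = new RedirectResult("~/Home/UnAuthorized");
                return;
            }

            // Logged in and permitted, but the server-side ticket is gone (session expired):
            // require a fresh login instead of serving the action.
            if (string.IsNullOrEmpty(UserLoginTicket))
            {
                filterContext.Result = new RedirectResult("~/Account/Login");
                return;
            }

            // Re-issue the forms cookie carrying the ticket. The cookie is built explicitly so
            // its HttpOnly/Secure/Path flags follow the forms-authentication configuration;
            // assigning Response.Cookies[name].Value created a cookie with default flags.
            var authCookie = new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, UserLoginTicket)
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath,
            };
            httpContext.Response.Cookies.Set(authCookie);
        }
        else
        {
            // Not logged in: only actions marked [AllowAnonymous] may proceed.
            // NOTE: only the action-level attribute is consulted here (as in the original);
            // a controller-level [AllowAnonymous] is not honored by this check.
            bool isAnonymous = filterContext.ActionDescriptor
                .GetCustomAttributes(typeof(AllowAnonymousAttribute), true)
                .Any();
            if (!isAnonymous)
            {
                filterContext.Result = new RedirectResult("~/Account/Login");
            }
        }
    }

    /// <summary>
    /// Looks for a permission entry whose Controller equals <paramref name="controllerName"/>
    /// and whose comma-separated Actions field contains <paramref name="actionName"/>.
    /// Both comparisons are exact (ordinal, no trimming). The names come from the MVC
    /// descriptors, which report the declared controller/action names rather than the casing
    /// used in the request URL, so an exact match is the intended behavior.
    /// </summary>
    /// <param name="actionName">Action name from the action descriptor.</param>
    /// <param name="controllerName">Controller name from the controller descriptor.</param>
    /// <param name="userName">Authenticated user name; not used yet, reserved for further per-user checks.</param>
    /// <returns>true when a matching entry exists; false otherwise, including when the list is null.</returns>
    private bool HasActionQulification(string actionName, string controllerName, string userName)
    {
        var authList = UserAuthList;
        if (authList == null)
        {
            return false;
        }

        foreach (var auth in authList)
        {
            if (auth == null || auth.Controller != controllerName || auth.Actions == null)
            {
                continue;
            }

            string[] actions = auth.Actions.Split(',');
            if (actions.Contains(actionName))
            {
                return true;
            }
        }

        // Additional per-user restrictions (e.g. based on userName) could be checked here.
        return false;
    }
}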
4.5 业务Controller示例
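/// <summary>
/// Sample business controller: an anonymous query page and a protected detail page that
/// loads its model from the Web API using the current user's login ticket.
/// </summary>
public class ProductController : WebControllerBase
{
    /// <summary>
    /// Product query page; reachable without logging in.
    /// </summary>
    [AllowAnonymous]
    public ActionResult Query()
    {
        return View("ProductQuery");
    }

    /// <summary>
    /// Product detail/edit form. Access is enforced by RequireAuthorizeAttribute (login plus a
    /// Product/Detail permission entry); the product is fetched from the API with the user's ticket.
    /// </summary>
    /// <param name="id">Product id; becomes one path segment of the API URL.</param>
    /// <returns>The ProductForm view, or 404 when no id was supplied.</returns>
    [HttpGet]
    [RequireAuthorize]
    public ActionResult Detail(string id)
    {
        if (string.IsNullOrWhiteSpace(id))
        {
            return HttpNotFound();
        }

        // Escape the id so that it can only ever be a single path segment of the API URL.
        string url = base.ApiUrl + "/Get/" + System.Uri.EscapeDataString(id);

        // NOTE(review): HttpClientHelper.Create is a project helper; whether the returned
        // client is per-call (and should be disposed here) or shared is not visible here.
        HttpClient httpClient = HttpClientHelper.Create(url, base.UserLoginTicket);
        string result = httpClient.GetString();

        // NOTE(review): the type argument of DeserializeFromString was lost in extraction;
        // it should be the model type the ProductForm view expects.
        var model = JsonSerializer.DeserializeFromString(result);
        ViewData["PRODUCT_ADD_OR_EDIT"] = "E";
        return View("ProductForm", model);
    }
}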