ASP.NET MVC使用Authorize过滤器验证用户登录

MVC使用Authorize过滤器验证用户登录。Authorize过滤器首先运行在任何其它过滤器或动作方法之前，主要用来做登录验证或者权限验证。

示例：使用Authorize过滤器实现简单的用户登录验证。

1、创建登录控制器LoginController

/// <summary>/// 登录控制器/// </summary>[AllowAnonymous]public class LoginController : Controller{/// <summary>/// 登录页面/// </summary>public ActionResult Index(){return View();}/// <summary>/// 登录/// </summary>[HttpPost]public ActionResult Login(string loginName, string loginPwd){if (loginName == "admin" && loginPwd == "123456"){//登录成功Session["LoginName"] = loginName;return RedirectToAction("Index", "Home");}else{//登录失败return RedirectToAction("Index", "Login");}}/// <summary>/// 注销/// </summary>public ActionResult Logout(){Session.Abandon();return RedirectToAction("Index", "Login");}}

注意：在登录控制器LoginController上添加AllowAnonymous特性，该特性用于标记在授权期间要跳过AuthorizeAttribute的控制器和操作。

2、创建登录页面

@{ViewBag.Title = "登录页面";Layout = null;}<h2>登录页面</h2><form action='@Url.Action("Login","Login")' id="form1" method="post">用户：<input type="text" name="loginName" /><br />密码：<input type="password" name="loginPwd" /><br /><input type="submit" value="登录"></form>

效果图：

3、创建主页控制器LoginController

public class HomeController : Controller{public ActionResult Index(){//获取当前登录用户string loginName = Session["LoginName"].ToString();ViewBag.Message = "当前登录用户：" + loginName;return View();}}

4、创建主页页面

@{ViewBag.Title = "Index";Layout = null;}<h2>Index</h2><h3>@ViewBag.Message</h3><a href="@Url.Action("Logout","Login")">注销</a>

效果图：

5、创建授权过滤器LoginAuthorizeAttribute类

创建Filter目录，在该目录下创建授权过滤器LoginAuthorizeAttribute类，继承AuthorizeAttribute。

using System.Web.Mvc;namespace MvcApp.Filter{/// <summary>/// 授权过滤器/// </summary>public class LoginAuthorizeAttribute : AuthorizeAttribute{public override void OnAuthorization(AuthorizationContext filterContext){//判断是否跳过授权过滤器if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)){return;}//判断登录情况if (filterContext.HttpContext.Session["LoginName"] == null || filterContext.HttpContext.Session["LoginName"].ToString()==""){//HttpContext.Current.Response.Write("认证不通过");//HttpContext.Current.Response.End();filterContext.Result = new RedirectResult("/Login/Index");}}}}

通常Authorize过滤器也是在全局过滤器上面的，在App_Start目录下的FilterConfig类的RegisterGlobalFilters方法中添加：

using System.Web;using System.Web.Mvc;using MvcApp.Filter;namespace MvcApp{public class FilterConfig{public static void RegisterGlobalFilters(GlobalFilterCollection filters){filters.Add(new HandleErrorAttribute());//添加全局授权过滤器filters.Add(new LoginAuthorizeAttribute());}}}

Global.asax下的代码：

using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.Mvc;using System.Web.Optimization;using System.Web.Routing;namespace MvcApp{public class MvcApplication : System.Web.HttpApplication{protected void Application_Start(){AreaRegistration.RegisterAllAreas();FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);RouteConfig.RegisterRoutes(RouteTable.Routes);BundleConfig.RegisterBundles(BundleTable.Bundles);}}}