ASP.NET MVC备忘

身份验证

方式一

using System; using System.Collections.Generic; using System.Linq; using System.Web; namespace ZSZ.AdminWeb.App_Start { //这个Attribute能够应用到方法上，并且能够添加多个 [AttributeUsage(AttributeTargets.Method,AllowMultiple =true)] public class CheckPermissionAttribute:Attribute { public string Permission { get; set; } public CheckPermissionAttribute(string permission) { this.Permission = permission; } } }

using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; using ZSZ.CommonMVC; using ZSZ.IService; namespace ZSZ.AdminWeb.App_Start { public class ZSZAuthorizeFilter : IAuthorizationFilter { //public IAdminUserService userService { get; set; } public void OnAuthorization(AuthorizationContext filterContext) { //得到当前要执行的Action上标注的CheckPermissionAttribute实例对象 CheckPermissionAttribute[] permAtts = (CheckPermissionAttribute[])filterContext.ActionDescriptor .GetCustomAttributes(typeof(CheckPermissionAttribute),false); if (permAtts.Length <= 0)//没有标注任何的CheckPermissionAttribute，所以也就不须要检查是否登陆 //“无欲无求” { return;//登陆等这些不要求有用户登陆的功能 } //获得当前登陆用户的id long? userId = (long?)filterContext.HttpContext.Session["LoginUserId"]; if(userId==null)//连登陆都没有，就不能访问 { // filterContext.HttpContext.Response.Write("没有登陆"); //filterContext.HttpContext.Response.Redirect(); //根据不一样的请求，给予不一样的返回格式。确保ajax请求，浏览器端也能收到json格式 if(filterContext.HttpContext.Request.IsAjaxRequest()) { AjaxResult ajaxResult = new AjaxResult(); ajaxResult.Status = "redirect"; ajaxResult.Data = "/Main/Login"; ajaxResult.ErrorMsg = "没有登陆"; filterContext.Result = new JsonNetResult { Data= ajaxResult }; } else { filterContext.Result = new RedirectResult("~/Main/Login"); } //filterContext.Result = new ContentResult() { Content= "没有登陆" }; return; } //因为ZSZAuthorizeFilter不是被autofac建立，所以不会自动进行属性的注入 //须要手动获取Service对象 IAdminUserService userService = DependencyResolver.Current.GetService<IAdminUserService>(); //检查是否有权限 foreach (var permAtt in permAtts) { //判断当前登陆用户是否具备permAtt.Permission权限 //(long)userId userId.Value if (!userService.HasPermission(userId.Value,permAtt.Permission)) { //只要碰到任何一个没有的权限，就禁止访问 //在IAuthorizationFilter里面，只要修改filterContext.Result //那么真正的Action方法就不会执行了 if (filterContext.HttpContext.Request.IsAjaxRequest()) { AjaxResult ajaxResult = new AjaxResult(); ajaxResult.Status = "error"; ajaxResult.ErrorMsg = "没有权限"+permAtt.Permission; filterContext.Result = new JsonNetResult { Data = ajaxResult }; } else { filterContext.Result = new ContentResult { Content = "没有" + permAtt.Permission + "这个权限" }; } return; } } } } }

方式二 BaseController

标注

ValidateAntiForgeryToken:  表示用于阻止伪造请求的特性

AllowAnonymous：表示一个特性，该特性用于标记在受权期间要跳过System.Web.Mvc.AuthorizeAttribute 的控制器和操做

Authorize:

Route:

using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Mvc; namespace WebApplication1.Controllers { [Route("About")] [Route("[controller]")] [Route("[controller]/[action]")] [Route("v2/[controller]/[action]")] public class AboutController { [Route("")] public string Me() { return "Dave"; } [Route("company")] [Route("[action]")] public string Company() { return "No Company"; } } } 

 ModelState.AddModelError("", "验证码不正确。");

 <div class="float-right">@Html.ValidationSummary()</div>

 

 var nodes = treeObj.getCheckedNodes(true);

 JSON.stringify(nodes)

 IEnumerable<SysMenuDTO> list1 = JsonConvert.DeserializeObject<List<SysMenuDTO>>(menus);