如今多数网站必须验证用户登录,并利用Session或者Cookie存储用户登录信息后才能进行操作,
如果存储过期或者没有登录则自动返回到登录界面,而MVC自带AuthorizeAttribute属性进行验证。
一、 用户登录网站
输入用户登录名和密码验证成功后,利用Session存储登录用户信息
// Store the logged-in user's entity in the session under the "LoginUser" key.
// NOTE(review): the surrounding login action is not shown here. Confirm that it issues a
// fresh session ID when the user logs in; if the pre-login session ID is kept, an ID that
// was set before authentication stays valid afterwards (session fixation).
HttpContext.Current.Session["LoginUser"] = userDTO; // userDTO is the logged-in user's entity class
二、创建AccountManagerment类下GetCurrentUser()方法,获取Session中存储的用户信息,返回实体类UserDTO
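public class AccountManagerment
{
    /// <summary>
    /// Gets the user stored in the current session under the "LoginUser" key.
    /// </summary>
    /// <returns>
    /// The stored <see cref="UserDTO"/>. A new, empty <see cref="UserDTO"/> is returned when
    /// there is no current request or session, when nothing is stored under the key, or when
    /// the stored value is not a <see cref="UserDTO"/>. The result is never null.
    /// </returns>
    public static UserDTO GetCurrentUser()
    {
        var context = HttpContext.Current;

        // Outside a request, or before session state has been acquired, there is no session
        // to read. Returning an empty user makes callers treat the request as not logged in
        // instead of failing with a NullReferenceException.
        if (context == null || context.Session == null)
        {
            return new UserDTO();
        }

        // "as" yields null when the stored object has another type. Callers such as
        // AccountAuthorizeAttribute dereference the result, so fall back to an empty user.
        return context.Session["LoginUser"] as UserDTO ?? new UserDTO();
    }
}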
三、创建AccountAuthorizeAttribute类,继承AuthorizeAttribute,并重写OnAuthorization方法
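/// <summary>
/// Authorization filter that lets a request through only when the session holds a
/// logged-in user; otherwise the request is redirected to the Home/Login action.
/// </summary>
public class AccountAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Runs the authorization check for the current request.
    /// </summary>
    /// <param name="authorizationContext">The authorization context supplied by MVC.</param>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="authorizationContext"/> is null.
    /// </exception>
    public override void OnAuthorization(AuthorizationContext authorizationContext)
    {
        if (authorizationContext == null)
        {
            throw new ArgumentNullException("authorizationContext");
        }

        // Delegate to the base implementation instead of replacing it. The base method calls
        // AuthorizeCore and HandleUnauthorizedRequest below and, when the check succeeds,
        // registers an output-cache validation callback so that a cached page is not served
        // to a later request that fails the check. On MVC versions that support
        // [AllowAnonymous] it also skips actions marked with it (for example the login
        // action itself).
        base.OnAuthorization(authorizationContext);
    }

    /// <summary>
    /// Decides whether the current request belongs to a logged-in user.
    /// </summary>
    /// <param name="httpContext">The HTTP context of the request being checked.</param>
    /// <returns>
    /// true when the session user has a non-null rolepermissionDTO; otherwise false.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        // Fail closed when no session is available (this can be the case while a cached
        // response is being revalidated): the request is treated as not logged in.
        if (httpContext.Session == null)
        {
            return false;
        }

        var user = AccountManagerment.GetCurrentUser();

        // An empty UserDTO (nothing stored, or the session expired) has no rolepermissionDTO.
        return user != null && user.rolepermissionDTO != null;
    }

    /// <summary>
    /// Redirects a request that failed the check to the Home/Login action.
    /// </summary>
    /// <param name="filterContext">The authorization context of the rejected request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        var urlHelper = new UrlHelper(request.RequestContext);

        // Build the URL of the login action from the action name, controller name and
        // route values. returnUrl and message are sent empty, as before.
        // NOTE(review): if the original request URL is ever passed as returnUrl, the login
        // action must accept only local URLs (e.g. Url.IsLocalUrl) before redirecting to it.
        string loginUrl = urlHelper.Action("Login", "Home", new { returnUrl = "", message = string.Empty });

        filterContext.Result = new RedirectResult(loginUrl);
    }
}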
四、将属性[AccountAuthorize]置于整个Controller之上。当用户有操作时,进入控制器前都会先验证用户是否登录,如果未登录或者存储的用户信息已过期,则返回登录界面。
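/// <summary>
/// Example action protected by <see cref="AccountAuthorizeAttribute"/>: the filter runs
/// before the action body, so the view is rendered only for a logged-in user.
/// </summary>
/// <remarks>
/// The attribute is shown on a single action here; placing it on the controller class
/// applies the same check to every action of that controller.
/// </remarks>
[AccountAuthorize]
public ActionResult Index(string title, string dp, string end, int id = 1)
{
    // The controller method is View(); the lowercase "view()" in the listing does not compile.
    return View();
}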