action批量访问权限控制

果然下午脑子不好,好几次了,忙了一下午没看懂,早上一来,没过多久就弄清楚了。嘤嘤嘤~~

因为以前接触java的时候filter chain超好用嘛,以至于差点忽略的它的存在,直到我看到.net这边每个controller里面的每个action都需要判定session的存在,真的好烦好烦,而且还担心忘记,出现好几次了,同事的代码没写,跑起来偶尔出错,不是什么大事儿,但是时不时戳你一下就是烦啊。

安利google和SO,昨天第一次在SO答题,好兴奋,哈哈。好了,收!

Attribute感觉是自定义注解的形式。
Attribute分类如下:

  • Authorization filter, which makes security decisions about whether to execute an action method, such as performing authentication or validating properties of the request. The AuthorizeAttribute class is one example of an authorization filter.

  • Action filter, which wraps the action method execution. This filter can perform additional processing, such as providing extra data to the action method, inspecting the return value, or canceling execution of the action method.

  • Result filter, which wraps execution of the ActionResult object. This filter can perform additional processing of the result, such as modifying the HTTP response. The OutputCacheAttribute class is one example of a result filter.

  • Exception filter, which executes if there is an unhandled exception thrown somewhere in action method, starting with the authorization filters and ending with the execution of the result. Exception filters can be used for tasks such as logging or displaying an error page. The HandleErrorAttribute class is one example of an exception filter.

attribute分类的文档
看完Authorization filter的描述以后,我们要的是它啦!
废话不多说,上代码!

public class AdminAuthorizeAttribute : AuthorizeAttribute 
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpSessionStateBase session = filterContext.HttpContext.Session;
        Controller controller = filterContext.Controller as Controller;
        if (controller != null)
        {
            if (session != null && (session["admin"] as Admin) == null)
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new {controller = "Admin", action = "Login"}));
            }
        }
    }
}

Action filter其实也是类似的写法,继承ActionFilterAttribute,重写里面的OnActionExecuted(ActionExecutedContext)
OnActionExecuting(ActionExecutingContext)
Called by the ASP.NET MVC framework before the action method executes.
OnResultExecuted(ResultExecutedContext)
OnResultExecuting(ResultExecutingContext)
你需要的方法就好啦!其实看看OnActionExecuting是before method executes的话,重写这个方法也是可以达到这个效果的啦!只是从语义和这几个的设计分类来看,Authorize还是更合适一点。另外OnActionExecuted我感觉也可以用来打log。省事儿。

是不是很简单!!!亏我昨天还死死的翻文档,翻SO都找不到可行方案,觉得自己蠢爆了!!!这个故事告诉本宝,早上效率高,早上班早下班,对身体生活工作都好!

好了,贴几个参考吧,毕竟翻了好多东西。
Filtering in ASP.NET MVC
Creating Custom Action Filters
create the authorize filter with parameter asp.net mvc
Override global authorize filter in ASP.NET Core MVC 1.0
Asp.net MVC4: Authorize on both controller and action
Redirect From Action Filter Attribute

你可能感兴趣的:(action批量访问权限控制)