在 WebForm 时代,membership 作为系统默认的身份验证提供程序,貌似很好用,但 ASP.NET 没有开源,我们又不能百分之百地按照微软默认商务方式去进行验证,又无力去彻底重写这个东西,所以 membership 一直是个鸡肋。但随着 ASP.NET MVC 的开源,这个东西真的派上了用场,而且比以前更加强大。
在应用程序中,身份验证和各种各样的验证一直都是系统中很重要的东西。在 ASP.NET MVC 中,这些被整体打包成为过滤器,感觉其创意来源于 IIS 的管道模型。
主要有以下这几个东西:
FilterAttribute,ActionFilterAttribute,AuthorizeAttribute 可以继承重写
IActionFilter, IResultFilter, IExceptionFilter, IAuthorizationFilter 接口可以定义自己的实现
网上有个不错的关系图
刚一开始,我一直纳闷为什么系统自己的 Filter 可以传参数,
而我自己继承重写和自己实现的怎么就不能传参了。这个时候终于感受到开源的伟大,看了一些源码终于知道怎么搞了:
就是在类中定义公开的属性,例如下面实现接口的例子。
例如 继承重写
/// <summary>
/// Demo action filter built by subclassing <c>ActionFilterAttribute</c>.
/// Each override writes a short marker string to the response and then
/// hands control to the base implementation, so the order in which the
/// four hooks fire can be seen in the page output.
/// </summary>
public class MyActionFilter : ActionFilterAttribute
{
    /// <summary>Writes the marker "1执行", then calls the base hook.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        var response = filterContext.RequestContext.HttpContext.Response;
        response.Write("1执行");
        base.OnActionExecuted(filterContext);
    }

    /// <summary>Writes the marker "2执行", then calls the base hook.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var response = filterContext.RequestContext.HttpContext.Response;
        response.Write("2执行");
        base.OnActionExecuting(filterContext);
    }

    /// <summary>Writes the marker "3执行", then calls the base hook.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        var response = filterContext.RequestContext.HttpContext.Response;
        response.Write("3执行");
        base.OnResultExecuted(filterContext);
    }

    /// <summary>Writes the marker "4执行", then calls the base hook.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        var response = filterContext.RequestContext.HttpContext.Response;
        response.Write("4执行");
        base.OnResultExecuting(filterContext);
    }
}

/// <summary>
/// Skeleton showing which members of <c>AuthorizeAttribute</c> can be
/// overridden. Every override delegates straight to the base class, so this
/// type adds no authorization logic of its own; the effective behavior is
/// whatever the base attribute provides.
/// </summary>
public class MyAuthorization : AuthorizeAttribute
{
    /// <summary>Returns the base class's authorization decision unchanged.</summary>
    /// <param name="httpContext">The current HTTP context.</param>
    /// <returns>The value returned by the base implementation.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool allowed = base.AuthorizeCore(httpContext);
        return allowed;
    }

    /// <summary>Lets the base class handle an unauthorized request.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);
    }

    /// <summary>Runs the base class's authorization step.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
    }

    /// <summary>Returns the base class's cache-validation result unchanged.</summary>
    /// <param name="httpContext">The current HTTP context.</param>
    /// <returns>The status returned by the base implementation.</returns>
    protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
    {
        HttpValidationStatus status = base.OnCacheAuthorization(httpContext);
        return status;
    }
}
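还有一种方式是实现接口,自定义自己的验证方式。(注意:下面示例中的 OnAuthorization 只是输出一行文字,并没有根据 Roles/Users 做任何判断,也不会拒绝请求;实际使用时需要自行判断并设置 filterContext.Result。)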
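/// <summary>
/// Demo filter that implements the four MVC filter interfaces directly
/// instead of subclassing a built-in attribute. Each hook writes a line of
/// text to the response so the pipeline order is visible.
/// </summary>
/// <remarks>
/// The public <see cref="Roles"/> and <see cref="Users"/> properties are what
/// make the attribute accept named arguments: a filter's "parameters" are
/// simply its public settable properties.
/// <para>
/// This sample does NOT enforce authorization. <see cref="OnAuthorization"/>
/// only writes a message; it never reads Roles/Users and never sets
/// <c>filterContext.Result</c>, so every request is allowed through. Do not
/// use it as an access-control mechanism without adding a real check.
/// </para>
/// </remarks>
public class MyFilter : FilterAttribute, IActionFilter, IResultFilter, IExceptionFilter, IAuthorizationFilter
{
    private string _roles;
    // Never populated: the SplitString call in the Roles setter is commented out.
    private string[] _rolesSplit = new string[0];
    private string _users;
    // Never populated: the SplitString call in the Users setter is commented out.
    private string[] _usersSplit = new string[0];

    /// <summary>
    /// Role list passed as a named attribute argument. Never null; returns
    /// an empty string when unset.
    /// </summary>
    public string Roles
    {
        get { return _roles ?? String.Empty; }
        set
        {
            _roles = value;
            // _rolesSplit = SplitString(value);
        }
    }

    /// <summary>
    /// User list passed as a named attribute argument. Never null; returns
    /// an empty string when unset.
    /// </summary>
    public string Users
    {
        get { return _users ?? String.Empty; }
        set
        {
            _users = value;
            // _usersSplit = SplitString(value);
        }
    }

    #region IActionFilter members

    /// <summary>Writes a line naming the action that has just run.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
        var httpContext = filterContext.RequestContext.HttpContext;
        // Encode the interpolated value; the <br /> in the template is intentional markup.
        httpContext.Response.Write(string.Format("Action({0})已经执行了!<br />",
            httpContext.Server.HtmlEncode(filterContext.ActionDescriptor.ActionName)));
    }

    /// <summary>Writes a line naming the action that is about to run.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var httpContext = filterContext.RequestContext.HttpContext;
        httpContext.Response.Write(string.Format("Action({0})执行之前!<br />",
            httpContext.Server.HtmlEncode(filterContext.ActionDescriptor.ActionName)));
    }

    #endregion

    #region IResultFilter members

    /// <summary>Writes a fixed marker after the result has executed.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public void OnResultExecuted(ResultExecutedContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.Write("Result已经执行了!");
    }

    /// <summary>Writes a fixed marker before the result executes.</summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public void OnResultExecuting(ResultExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.Write("Result执行之前!");
    }

    #endregion

    #region IExceptionFilter members

    /// <summary>
    /// Writes the controller name, action name and exception message to the
    /// response and marks the exception as handled.
    /// </summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public void OnException(ExceptionContext filterContext)
    {
        var httpContext = filterContext.RequestContext.HttpContext;
        var server = httpContext.Server;

        string controller = filterContext.RouteData.Values["controller"] as string;
        string action = filterContext.RouteData.Values["action"] as string;

        // Route values and exception messages can carry request-derived text,
        // so HTML-encode everything interpolated into the page.
        // NOTE(review): echoing Exception.Message to the client exposes internal
        // details; outside a demo, log the exception server-side and show a
        // generic error message instead.
        httpContext.Response.Write(string.Format("{0}:{1}发生异常!{2}",
            server.HtmlEncode(controller),
            server.HtmlEncode(action),
            server.HtmlEncode(filterContext.Exception.Message)));

        // Marking the exception handled stops it from propagating further;
        // nothing here records it, so it is otherwise lost.
        filterContext.ExceptionHandled = true;
    }

    #endregion

    #region IAuthorizationFilter members

    /// <summary>
    /// Writes a marker line only. No authorization decision is made: Roles
    /// and Users are not consulted and the request is never rejected.
    /// </summary>
    /// <param name="filterContext">Context supplied by the MVC pipeline.</param>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // NOTE(review): a real implementation must check the current user
        // against Roles/Users and set filterContext.Result to deny access.
        filterContext.HttpContext.Response.Write("执行authorization! 判断时候有权限。。。。<br />");
    }

    #endregion
}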