MVC 用户权限过滤器。

<1>

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Peer._128uu.DAL.Model;
using Peer._128uu.DAL.lib;

namespace bigtree.Model
{
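    /// <summary>
    /// MVC authorization filter: lets a request through only when the session holds a
    /// <c>MemberInfo</c> under the "UserInfo" key and a Memberinfo row still matches that
    /// member's credentials; every other request is redirected to <c>/login</c>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): <see cref="OnAuthorization"/> is overridden without calling the base
    /// implementation, so none of the checks <c>AuthorizeAttribute</c> performs there
    /// (Users/Roles, output-cache validation) run for actions using this attribute.
    /// Confirm that protected actions are not served from the output cache.
    /// </remarks>
    public class CheckLoginAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Validates the logged-in member for the current request and sets a redirect
        /// result when the check fails.
        /// </summary>
        /// <param name="filterContext">Authorization context supplied by MVC.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="filterContext"/> is null.
        /// </exception>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            // Fail closed: a missing session, a missing entry, or an entry of an unexpected
            // type are all treated as "not logged in".
            var session = filterContext.HttpContext.Session;
            var user = session == null ? null : session["UserInfo"] as MemberInfo;
            if (user == null)
            {
                filterContext.Result = new RedirectResult("/login");
                // Stop here. Without this return the code below dereferenced the null
                // user, so an anonymous request ended in an unhandled exception instead
                // of the login redirect.
                return;
            }

            // NOTE(review): every placeholder is wrapped in single quotes. If SQLHelper
            // binds `pas` as real SQL parameters, '@UserName' etc. are plain string
            // literals and are never compared with the bound values; if it substitutes
            // the values into the text instead, the statement is built by string
            // concatenation and is open to SQL injection. Confirm what
            // SQLHelper.Get_Value does and move to unquoted, bound parameters.
            // NOTE(review): user.Pwd is compared directly with the Pwd column, so the
            // session object carries whatever that column stores. If that is a plaintext
            // password, store a salted password hash and keep only a user id in session.
            var iSql = "select count(0) from Memberinfo where (UserName='@UserName' or Email='@Email' or Mobile='@Mobile') and Pwd='@Pwd'";
            var pas = new Dictionary<string, DBParam>
            {
                { "UserName", new DBParam { ParamValue = user.UserName } },
                { "Mobile", new DBParam { ParamValue = user.Mobile } },
                { "Email", new DBParam { ParamValue = user.Email } },
                { "Pwd", new DBParam { ParamValue = user.Pwd } }
            };

            // The check runs on every authorized request, so a member whose row no longer
            // matches (changed password, deleted account) is sent back to the login page.
            int matches = Convert.ToInt32(SQLHelper.Get_Value(iSql, SQLHelper.GetCon(), pas));
            if (matches < 1)
            {
                filterContext.Result = new RedirectResult("/login");
            }
        }

        // Alternative kept from the original post: doing the check in AuthorizeCore.
        //protected override bool AuthorizeCore(HttpContextBase httpContext)
        //{
        //    if (httpContext == null)
        //        throw new ArgumentNullException();
        //    var currentUser = (MemberInfo)httpContext.Session["UserInfo"];
        //    if (currentUser == null) return false;

        //    // Look the member up in the database here by the login name and password
        //    // held in MemberInfo; return false when no row is found.

        //    return true;
        //}
    }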
}

