在 .NET Core 中使用 AuthorizeFilter 或者 ActionFilterAttribute 来实现登录权限验证和授权

一、authorizefilter

新建授权类 allowanonymous,继承 AuthorizeFilter 并实现 IAllowAnonymousFilter

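/// <summary>
/// Marker filter for actions that are exempt from the permission check.
/// It implements IAllowAnonymousFilter, the interface that ishaveallow looks for
/// in the request's filter list.
/// </summary>
/// <remarks>
/// Every action this marker ends up on is reachable without the permission check,
/// so the set of exempt actions should stay small and be reviewed.
/// NOTE(review): the article does not show how this marker is attached to an action;
/// confirm the intended usage before relying on it.
/// </remarks>
public class allowanonymous : AuthorizeFilter, IAllowAnonymousFilter
{

 }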

新建拦截类,继承 AuthorizeFilter

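/// <summary>
/// Authorization filter that intercepts requests for the login/permission check.
/// The check itself is the OnAuthorizationAsync override that the article adds to this class.
/// </summary>
public class loginauthorzation : AuthorizeFilter
{

}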

在拦截类里加入处理请求的方法

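  /// <summary>
  /// Checks whether the current request may reach the selected action.
  /// Do not throw from this method: exceptions raised here are not handled by the ExceptionFilter.
  /// </summary>
  /// <param name="context">Authorization context of the current request.</param>
  /// <returns>A completed task; a denied request has context.Result set to a redirect.</returns>
  public override Task OnAuthorizationAsync(AuthorizationFilterContext context)
  {
   // Actions that carry an IAllowAnonymousFilter marker skip the permission check.
   if (ishaveallow(context.Filters))
   {
    return Task.CompletedTask;
   }

   // Take the controller and action from the action the router selected rather than
   // from splitting the raw request path: the path is client-supplied text, it need not
   // match the dispatched action (default routes, attribute routes, casing), and a
   // one-segment path such as "/home" made the old list[2] lookup throw.
   var routevalues = context.ActionDescriptor.RouteValues;
   routevalues.TryGetValue("controller", out var controllername);
   routevalues.TryGetValue("action", out var actionname);

   if (string.IsNullOrWhiteSpace(controllername) || string.IsNullOrWhiteSpace(actionname))
   {
    // Fail closed: without a controller/action pair there is nothing to check against.
    context.Result = new RedirectResult("/home/index");
    return Task.CompletedTask;
   }

   // NOTE(review): ishavepower receives only the controller and action names. A real
   // permission check also needs the caller's identity (for example from
   // context.HttpContext.User) - confirm how the implementation obtains it.
   var flag = poweristrue.ishavepower(controllername, actionname);
   if (flag.Item1 != 0)
   {
    // The redirect target has to be exempt or permitted itself, otherwise a denied
    // caller is redirected in a loop.
    context.Result = new RedirectResult("/home/index");
   }

   return Task.CompletedTask;
  }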
 

//判断是否不需要权限

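/// <summary>
/// Reports whether the request's filter list contains an IAllowAnonymousFilter,
/// meaning the permission check is to be skipped for this action.
/// </summary>
/// <param name="filers">Filters that apply to the current request.</param>
/// <returns>true when at least one filter implements IAllowAnonymousFilter; otherwise false.</returns>
/// <remarks>
/// NOTE(review): only the filter list is inspected. Depending on the framework version and
/// routing mode, an [AllowAnonymous] attribute may be exposed as endpoint metadata instead of
/// as a filter; such an action would still be permission-checked here. Confirm against the
/// version in use.
/// </remarks>
public static bool ishaveallow(IList<IFilterMetadata> filers)
  {
   foreach (var filter in filers)
   {
    if (filter is IAllowAnonymousFilter)
    {
     return true;
    }
   }

   return false;
  }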

新建一个业务逻辑判断的类

/// <summary>
/// Placeholder for the business-rule permission check.
/// As written it approves every controller/action pair: it always returns code 0.
/// </summary>
/// <param name="controllername">Controller name of the requested action.</param>
/// <param name="actionname">Name of the requested action.</param>
/// <returns>A (code, message) tuple; the caller treats any code other than 0 as denied.</returns>
/// <remarks>
/// NOTE(review): the signature carries no user identity, so a real implementation has to
/// obtain the caller from somewhere else. Replace this stub before use, because it allows
/// everything.
/// </remarks>
public static (int,string) ishavepower(string controllername,string actionname)
  => (0, "通过");

在startup注册

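 services.AddMvc(options =>
   {
    // Register the authentication filter globally so it runs for every MVC action.
    options.Filters.Add<loginauthorzation>();
   });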

context.HttpContext.Request.Path.Value   获取请求的 URL 路径。注意:路径是客户端发来的原始字符串,按 "/" 拆分得到的名称不一定与路由实际匹配到的控制器和方法一致。

二、actionfilterattribute

创建权限判断类,继承 ActionFilterAttribute

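/// <summary>
/// Action filter that redirects to the login page when a request has no login marker,
/// unless the action method is tagged with nopermissionrequiredattribute.
/// </summary>
public class actionfilterattributelogin : ActionFilterAttribute
 {
  /// <summary>
  /// Runs before the action executes and short-circuits it with a redirect to
  /// /account/login when the login marker is missing.
  /// </summary>
  /// <param name="filtercontext">Context of the action about to execute.</param>
  public override void OnActionExecuting(ActionExecutingContext filtercontext)
  {
   // Only the action method's own attributes are inspected; an attribute placed on the
   // controller class is not seen by this lookup.
   var isdefined = false;
   if (filtercontext.ActionDescriptor is ControllerActionDescriptor controlleractiondescriptor)
   {
    isdefined = controlleractiondescriptor.MethodInfo.GetCustomAttributes(inherit: true)
     .Any(a => a.GetType().Equals(typeof(nopermissionrequiredattribute)));
   }
   if (isdefined) return;

   // NOTE(review): "logininfo" is read from the query string, which the client controls.
   // Its presence shows only that the parameter was sent, not that the caller is
   // authenticated. A real check validates a server-issued session, cookie or token
   // (for example HttpContext.User.Identity.IsAuthenticated once authentication is set up).
   if (string.IsNullOrWhiteSpace(filtercontext.HttpContext.Request.Query["logininfo"].ToString()))
   {
    // The login action itself must be exempt from this filter, otherwise the redirect loops.
    filtercontext.Result = new RedirectResult("/account/login");
    return;
   }
   base.OnActionExecuting(filtercontext);
  }

  /// <summary>
  /// Marker attribute: an action method tagged with it skips the login check above.
  /// </summary>
  public class nopermissionrequiredattribute : ActionFilterAttribute
  {
   public override void OnActionExecuting(ActionExecutingContext filtercontext)
   {
    base.OnActionExecuting(filtercontext);
   }
  }
 }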

在startup注册

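services.AddMvc(options =>
   {
    // Add the authentication filter globally -- menu operation permissions.
    options.Filters.Add<actionfilterattributelogin>();
   });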

filtercontext.ActionDescriptor as ControllerActionDescriptor    获取请求进来的控制器与方法

controlleractiondescriptor.MethodInfo.GetCustomAttributes(inherit: true).Any(a => a.GetType().Equals(typeof(nopermissionrequiredattribute)))      判断请求的方法有没有加上 nopermissionrequiredattribute(不需要权限)。注意:MethodInfo 上只能取到方法本身的特性,控制器类上的特性不在其中。

string.IsNullOrWhiteSpace(filtercontext.HttpContext.Request.Query["logininfo"].ToString())     判断请求的查询字符串(query)中是否带有 logininfo 标识。该值由客户端提供,只能说明参数存在,不能证明调用者已登录;实际项目中应校验服务端签发的会话或令牌。
