在mvc中定义自己的权限特性。
下例中是简单的登录判断,登录信息存与session中,如果session中没有登录信息,那么就不通过。
在处理无权限的时候,判断当前请求是否为ajax请求,如果是ajax请求,返回json {state=-1,msg=”请登录”},如过不是ajax请求那么就直接重定向到登录页面。
/// <summary>
/// 授权特性
/// </summary>
public class myauthorizeattribute : authorizeattribute
{
string errcode = null;
/// <summary>
/// 授权核心
/// </summary>
/// <param name="httpcontext"></param>
/// <returns></returns>
protected override bool authorizecore(httpcontextbase httpcontext)
{
var logininfo = httpcontext.session["login"];
if (logininfo == null)
{
errcode = "notloggedin";
return false;
}
// 登录用户信息
useridentity useridentity = new useridentity((admininfo)logininfo);
httpcontext.user = new userprincipal(useridentity);
return true;
}
/// <summary>
/// 处理无权限请求
/// </summary>
/// <param name="filtercontext"></param>
protected override void handleunauthorizedrequest(authorizationcontext filtercontext)
{
// 没有登录
if (errcode == "notloggedin")
{
if (filtercontext.httpcontext.request.isajaxrequest())
{
filtercontext.httpcontext.response.statuscode = (int)httpstatuscode.ok;
filtercontext.result = new jsonresult
{
contentencoding = system.text.encoding.utf8,
contenttype = "application/json",
jsonrequestbehavior = jsonrequestbehavior.allowget,
data = new { state = -1, msg = "请重新登录" },
};
}
else
{
filtercontext.result = new redirectresult("/account/login");
}
}
return;
}
}
黄山市民网:https://www.huangshanshimin.com/
