asp.net mvc 权限过滤和单点登录(禁止重复登录)
1.权限控制使用controller和 action来实现,权限方式有很多种,最近开发项目使用控制控制器方式实现代码如下
/// /// 用户权限控制/// public class UserAuthorize : AuthorizeAttribute{/// /// 授权失败时呈现的视图/// public string AuthorizationFailView { get; set; }/// /// 请求授权时执行/// /// 上下文public override void OnAuthorization(AuthorizationContext filterContext){// 获取url请求里的 controller 和 action string controllerName = filterContext.RouteData.Values["controller"].ToString();string actionName = filterContext.RouteData.Values["action"].ToString();// 获取用户信息UserLoginBaseInfo _userLoginInfo = filterContext.HttpContext.Session[Property.UerLoginSession] as UserLoginBaseInfo;//根据请求过来的controller和action去查询可以被哪些角色操作: 这是查询数据库 roleid使用 1,2,3,4格式RoleWithControllerAction roleWithControllerAction =SampleData.roleWithControllerAndAction.FirstOrDefault(r => r.ControllerName.ToLower() == controllerName.ToLower() && r.ActionName.ToLower() == actionName.ToLower() && r.RoleIds.contails("3"));// 有值处理if (roleWithControllerAction != null){//有权限操作当前控制器和Action的角色idthis.Roles = roleWithControllerAction.RoleIds;}else{//请求失败输出空结果filterContext.Result = new EmptyResult();//打出提示文字HttpContext.Current.Response.Write("对不起,你没有权限操作!");}base.OnAuthorization(filterContext);}/// /// 自定义授权检查(返回False则授权失败)/// protected override bool AuthorizeCore(HttpContextBase httpContext){//if (httpContext.User.Identity.IsAuthenticated)//{// string userName = httpContext.User.Identity.Name; //当前登录用户的用户名// User user = SampleData.users.Find(u => u.UserName == userName); //当前登录用户对象// if (user != null)// {// Role role = SampleData.roles.Find(r => r.Id == user.RoleId); //当前登录用户的角色// foreach (string roleid in Roles.Split(','))// {// if (role.Id.ToString() == roleid)// return true;// }// return false;// }// else// return false;//}//else// return false; //进入HandleUnauthorizedRequest return true;}/// /// 处理授权失败的HTTP请求/// protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext){if (string.IsNullOrWhiteSpace(AuthorizationFailView))AuthorizationFailView = "error";filterContext.Result = new ViewResult { ViewName = AuthorizationFailView };}}
二.单点登录方式使用application方式来实现
1.用户登录成功后记录当前信息
/// /// 限制一个用户只能登陆一次/// /// 2.使用ActionFilter来实现单点登录,每次点击控制器都去查询过滤是否在其它地方登录
/// /// 用户基础信息过滤器/// public class LoginActionFilter : ActionFilterAttribute{/// /// 初始化地址/// public const string Url = "~/Login/Index?error=";/// /// 该方法会在action方法执行之前调用 /// /// 上下文public override void OnActionExecuting(ActionExecutingContext filterContext){// 获取上一级url// var url1 = filterContext.HttpContext.Request.UrlReferrer;UserLoginBaseInfo _userLogin = filterContext.HttpContext.Session[Property.UerLoginSession] as UserLoginBaseInfo;// 用户是否登陆if (_userLogin == null){filterContext.Result = new RedirectResult(Url + "登陆时间过期,请重新登陆!&url=" + filterContext.HttpContext.Request.RawUrl);}else{filterContext.HttpContext.Session.Timeout = 30;}//判断是否在其它地方登录Hashtable singleOnline = (Hashtable)System.Web.HttpContext.Current.Application[Property.Online];// 判断当前SessionID是否存在 if (singleOnline != null && !singleOnline.ContainsKey(HttpContext.Current.Session.SessionID))filterContext.Result = new RedirectResult(Url + "你的帐号已在别处登陆,你被强迫下线!");base.OnActionExecuting(filterContext);}/// /// 执行后/// /// public override void OnResultExecuting(ResultExecutingContext filterContext){//记录操作日志,写进操作日志中var controllerName = filterContext.RouteData.Values["controller"];var actionName = filterContext.RouteData.Values["action"];base.OnResultExecuting(filterContext);}
3.用户正常退出或则非正常退出处理当前用户信息销毁Session
/// /// Session销毁/// protected void Session_End(){Hashtable SingleOnline = (Hashtable)Application[Property.Online];if (SingleOnline != null && SingleOnline[Session.SessionID] != null){SingleOnline.Remove(Session.SessionID);Application.Lock();Application[Property.Online] = SingleOnline;Application.UnLock();}Session.Abandon();}
转载说明原文地址:https://i.cnblogs.com/EditPosts.aspx?opt=1
转载于:https://www.cnblogs.com/louby/p/6145810.html
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!