Asp.net mvc 权限过滤和单点登录(禁止重复登录)
1.权限控制使用controller和action来实现,权限方式有很多种,最近开发项目使用控制器方式实现,代码如下
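/// <summary>
/// Role-based authorization filter: looks up which role ids may call the requested
/// controller/action and checks the current user's role against that list.
/// </summary>
public class UserAuthorize : AuthorizeAttribute
{
    // Per-request slot for the allowed role ids (key is a constructed constant private to this
    // filter). Filter attribute instances are cached and shared between concurrent requests, so
    // the allowed roles are carried in HttpContext.Items instead of being written to the
    // instance-level Roles property, where one request could overwrite another's value.
    private const string AllowedRoleIdsKey = "UserAuthorize.AllowedRoleIds";

    /// <summary>
    /// View rendered when authorization fails; defaults to "error" when unset.
    /// </summary>
    public string AuthorizationFailView { get; set; }

    /// <summary>
    /// Runs when the request is authorized. Resolves the role ids permitted for the requested
    /// controller/action, then runs the base authorization which calls <see cref="AuthorizeCore"/>.
    /// </summary>
    /// <param name="filterContext">The authorization context of the current request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        // Controller and action from the route. Convert.ToString yields "" for a missing route
        // value instead of throwing, so an unmatched route simply finds no mapping and is denied.
        string controllerName = Convert.ToString(filterContext.RouteData.Values["controller"]);
        string actionName = Convert.ToString(filterContext.RouteData.Values["action"]);

        // Which roles may operate on this controller/action; RoleIds is stored as "1,2,3,4".
        // Route names are identifiers, so compare ordinally and case-insensitively rather than
        // via ToLower(). The original lookup also filtered on RoleIds containing "3" through a
        // misspelled call; the role check belongs in AuthorizeCore, not in the route lookup.
        RoleWithControllerAction roleWithControllerAction = SampleData.roleWithControllerAndAction
            .FirstOrDefault(r =>
                string.Equals(r.ControllerName, controllerName, StringComparison.OrdinalIgnoreCase) &&
                string.Equals(r.ActionName, actionName, StringComparison.OrdinalIgnoreCase));

        if (roleWithControllerAction == null)
        {
            // No role mapping exists for this route: deny by default and stop the pipeline here
            // (the base check is not run, so it cannot undo this result).
            filterContext.Result = new EmptyResult();
            // Write through the request's own context rather than HttpContext.Current.
            filterContext.HttpContext.Response.Write("对不起,你没有权限操作!");
            return;
        }

        // Role ids allowed for this controller/action, handed to AuthorizeCore via the request.
        filterContext.HttpContext.Items[AllowedRoleIdsKey] = roleWithControllerAction.RoleIds;
        base.OnAuthorization(filterContext);
    }

    /// <summary>
    /// Custom authorization check (false means authorization fails). Fails closed: an
    /// unauthenticated caller, an unknown user, a missing role, or a role not in the allowed
    /// list all yield false and fall through to <see cref="HandleUnauthorizedRequest"/>.
    /// </summary>
    /// <param name="httpContext">The current request context.</param>
    /// <returns>true if the current user's role may operate on the requested controller/action.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        // NOTE(review): this resolves the user from the ASP.NET identity (forms authentication).
        // If the application only tracks login via Session[Property.UerLoginSession], the user
        // lookup below must be adapted to that object; the role comparison stays the same.
        if (!httpContext.User.Identity.IsAuthenticated)
            return false;

        string userName = httpContext.User.Identity.Name; // name of the logged-in user
        User user = SampleData.users.Find(u => u.UserName == userName); // logged-in user object
        if (user == null)
            return false;

        Role role = SampleData.roles.Find(r => r.Id == user.RoleId); // role of the logged-in user
        if (role == null)
            return false;

        // Allowed ids were stored by OnAuthorization; no entry means no route mapping -> deny.
        string allowedRoleIds = httpContext.Items[AllowedRoleIdsKey] as string;
        if (string.IsNullOrWhiteSpace(allowedRoleIds))
            return false;

        // allowedRoleIds is "1,2,3,4"; trim each id so "1, 2" style data still matches.
        string roleId = role.Id.ToString();
        return allowedRoleIds.Split(',').Any(id => id.Trim() == roleId);
    }

    /// <summary>
    /// Handles an HTTP request that failed authorization by rendering
    /// <see cref="AuthorizationFailView"/> (or "error" when unset).
    /// </summary>
    /// <param name="filterContext">The authorization context of the current request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (string.IsNullOrWhiteSpace(AuthorizationFailView))
            AuthorizationFailView = "error";
        filterContext.Result = new ViewResult { ViewName = AuthorizationFailView };
    }
}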
二.单点登录方式使用application方式来实现
1.用户登录成功后记录当前信息
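/// <summary>
/// Restricts a user to a single login: registers the current session as the only online
/// session for the user, evicting any session that previously held the same user id.
/// </summary>
/// <remarks>
/// The online table in Application[Property.Online] is shared by every request, so the whole
/// read-modify-write runs inside Application.Lock()/UnLock(). The previous version locked only
/// the final assignment while enumerating and mutating the Hashtable unprotected.
/// </remarks>
private void GetOnline()
{
    // Sample user id; the real login flow uses the id of the user who has just authenticated.
    string userId = "1";
    var application = System.Web.HttpContext.Current.Application;

    application.Lock();
    try
    {
        Hashtable singleOnline = application[Property.Online] as Hashtable;
        if (singleOnline == null)
            singleOnline = new Hashtable();

        // Collect the sessions already bound to this user before removing them: removing while
        // enumerating a Hashtable invalidates the enumerator. Every match is evicted, not just
        // the first one, so a stale duplicate cannot keep the account online elsewhere.
        ArrayList staleSessionKeys = new ArrayList();
        foreach (DictionaryEntry entry in singleOnline)
        {
            if (entry.Value != null && entry.Value.ToString().Equals(userId))
                staleSessionKeys.Add(entry.Key);
        }
        foreach (object staleKey in staleSessionKeys)
            singleOnline.Remove(staleKey);

        // Bind the current session to the user; this is the entry the login filter looks for.
        // Assigned unconditionally so the session can never stay bound to a different user id.
        singleOnline[Session.SessionID] = userId;
        application[Property.Online] = singleOnline;
    }
    finally
    {
        application.UnLock();
    }
}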
2.使用ActionFilter来实现单点登录,每次点击控制器都去查询过滤是否在其它地方登录
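/// <summary>
/// Login-state filter: verifies on every action that the caller is logged in and that this
/// session is still the one registered as online for the account.
/// </summary>
public class LoginActionFilter : ActionFilterAttribute
{
    /// <summary>
    /// Login page the filter redirects to; the error text is appended to the query string.
    /// </summary>
    public const string Url = "~/Login/Index?error=";

    /// <summary>
    /// Called before the action method executes. Redirects to the login page when no user is
    /// in session, or when this session is no longer the registered online session for the user.
    /// </summary>
    /// <param name="filterContext">The action-executing context of the current request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        // Use the request's own context throughout instead of mixing in HttpContext.Current.
        HttpContextBase httpContext = filterContext.HttpContext;
        UserLoginBaseInfo userLogin = httpContext.Session[Property.UerLoginSession] as UserLoginBaseInfo;

        // Not logged in: return right away so the single-login check below cannot overwrite this
        // result with the "logged in elsewhere" message for a caller whose session simply expired.
        if (userLogin == null)
        {
            // The return URL travels as a query parameter: encode it so a RawUrl containing
            // '&' or '#' does not break the login page's own query string.
            filterContext.Result = new RedirectResult(
                Url + "登陆时间过期,请重新登陆!&url=" + HttpUtility.UrlEncode(httpContext.Request.RawUrl));
            return;
        }

        // Logged in: renew the session timeout (minutes).
        httpContext.Session.Timeout = 30;

        // Logged in elsewhere? The login code binds exactly one SessionID per user, so a session
        // missing from the online table has been displaced by a newer login.
        Hashtable singleOnline = httpContext.Application[Property.Online] as Hashtable;
        if (singleOnline != null && !singleOnline.ContainsKey(httpContext.Session.SessionID))
        {
            filterContext.Result = new RedirectResult(Url + "你的帐号已在别处登陆,你被强迫下线!");
            return;
        }

        base.OnActionExecuting(filterContext);
    }

    /// <summary>
    /// Called after the action method has run, before its result executes. Placeholder for
    /// writing the operation log.
    /// </summary>
    /// <param name="filterContext">The result-executing context of the current request.</param>
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        // Controller and action for the operation log entry; the log write itself is not
        // implemented yet, so these values are currently unused.
        var controllerName = filterContext.RouteData.Values["controller"];
        var actionName = filterContext.RouteData.Values["action"];
        base.OnResultExecuting(filterContext);
    }
}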
3.用户正常退出或者非正常退出时,处理当前用户信息并销毁Session
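/// <summary>
/// Session teardown: removes this session from the shared online table when the session ends
/// (normal logout or timeout), so the account can log in again elsewhere.
/// </summary>
protected void Session_End()
{
    // Read, check and remove under the same lock: the table is shared across requests and a
    // concurrent login may be mutating it at the same time. The previous version locked only
    // the final assignment.
    Application.Lock();
    try
    {
        Hashtable singleOnline = Application[Property.Online] as Hashtable;
        if (singleOnline != null && singleOnline[Session.SessionID] != null)
        {
            singleOnline.Remove(Session.SessionID);
            Application[Property.Online] = singleOnline;
        }
    }
    finally
    {
        Application.UnLock();
    }
    Session.Abandon();
}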
以上所述是小编给大家介绍的Asp.net mvc权限过滤和单点登录(禁止重复登录),希望对大家有所帮助,如果大家有任何疑问欢迎给我留言,小编会及时回复大家的!