用法:

还是希望读者把源码看懂,即可运用自如。重点是,为什么有个UserType!!!

登录用户信息:

namespace MVCCommonAuth
{
    [Serializable]
    public class LoginUser
    {
        ";
        public int ID { get; set; }

        public string UserName { get; set; }
        public string Roles { get; set; }

        public DateTime Expires { get; set; }

        public readonly static string CookieNamePrefix = "authcookie";

        public void Login(string userType, string domain = null, string path = null)
        {
            var keyName = CookieNamePrefix + userType;
            var json = JsonConvert.SerializeObject(this);
            var value = EncryptString(json, DESKEY);

            HttpCookie cookie = new HttpCookie(keyName, value);
            cookie.Expires = Expires;
            if (!string.IsNullOrWhiteSpace(domain))
            {
                cookie.Domain = domain;
            }
            if (path != null)
            {
                cookie.Path = path;
            }
            HttpContext.Current.Items[keyName] = this;
            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        /// <summary>
        /// 从cookie读取用户信息
        /// </summary>
        /// <param name="cookieName"></param>
        private static LoginUser BuildUser(string keyName)
        {
            var cookie = HttpContext.Current.Request.Cookies[keyName];
            if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
            {
                try
                {
                    var json = DecryptString(cookie.Value, DESKEY);
                    var loginuser = JsonConvert.DeserializeObject<LoginUser>(json);
                    if (loginuser != null)
                    {
                        if (loginuser.Expires >= DateTime.Now)
                        {
                            return loginuser;
                        }
                    }
                }
                catch
                {
                    //do nothing
                }
            }
            return null;
        }

        public static LoginUser GetUser(string userType)
        {
            var keyName = CookieNamePrefix + userType;
            if (!HttpContext.Current.Items.Contains(keyName))
            {
                var user = BuildUser(keyName);
                HttpContext.Current.Items[keyName] = user;
                return user;
            }
            else
            {
                return HttpContext.Current.Items[keyName] as LoginUser;
            }
        }

        public static int GetUserID(string userType)
        {
            var user = GetUser(userType);
            if (user != null)
                return user.ID;
            ;
        }

        /// <summary>
        /// 退出cookie登录
        /// </summary>
        public static void Logout(string userType)
        {
            var keyName = CookieNamePrefix + userType;

            HttpCookie cookie = new HttpCookie(keyName, string.Empty);
            cookie.Expires = DateTime.Now.AddMonths(-);
            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        #region 字符串加密

        /// <summary>
        /// 利用DES加密算法加密字符串(可解密)
        /// </summary>
        /// <param name="plaintext">被加密的字符串</param>
        /// <param name="key">密钥(只支持8个字节的密钥)</param>
        /// <returns>加密后的字符串</returns>
        private static string EncryptString(string plaintext, string key)
        {
            //访问数据加密标准(DES)算法的加密服务提供程序 (CSP) 版本的包装对象
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            des.Key = ASCIIEncoding.ASCII.GetBytes(key); //建立加密对象的密钥和偏移量
            des.IV = ASCIIEncoding.ASCII.GetBytes(key);  //原文使用ASCIIEncoding.ASCII方法的GetBytes方法   

            byte[] inputByteArray = Encoding.Default.GetBytes(plaintext);//把字符串放到byte数组中   

            MemoryStream ms = new MemoryStream();//创建其支持存储区为内存的流 
            //定义将数据流链接到加密转换的流
            CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write);
            cs.Write(inputByteArray, , inputByteArray.Length);
            cs.FlushFinalBlock();
            //上面已经完成了把加密后的结果放到内存中去
            StringBuilder ret = new StringBuilder();
            foreach (byte b in ms.ToArray())
            {
                ret.AppendFormat("{0:X2}", b);
            }
            ret.ToString();
            return ret.ToString();
        }
        /// <summary>
        /// 利用DES解密算法解密密文(可解密)
        /// </summary>
        /// <param name="ciphertext">被解密的字符串</param>
        /// <param name="key">密钥(只支持8个字节的密钥,同前面的加密密钥相同)</param>
        /// <returns>返回被解密的字符串</returns>
        private static string DecryptString(string ciphertext, string key)
        {
            try
            {
                DESCryptoServiceProvider des = new DESCryptoServiceProvider();

                ];
                ; x < ciphertext.Length / ; x++)
                {
                    , ), ));
                    inputByteArray[x] = (byte)i;
                }

                des.Key = ASCIIEncoding.ASCII.GetBytes(key); //建立加密对象的密钥和偏移量,此值重要,不能修改
                des.IV = ASCIIEncoding.ASCII.GetBytes(key);
                MemoryStream ms = new MemoryStream();
                CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(), CryptoStreamMode.Write);

                cs.Write(inputByteArray, , inputByteArray.Length);

                cs.FlushFinalBlock();

                //建立StringBuild对象,createDecrypt使用的是流对象,必须把解密后的文本变成流对象
                StringBuilder ret = new StringBuilder();

                return System.Text.Encoding.Default.GetString(ms.ToArray());
            }
            catch (Exception)
            {
                return "error";
            }
        }

        #endregion
    }

}

Action验证过滤器:

namespace MVCCommonAuth
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
    public class AuthFilterAttribute : ActionFilterAttribute
    {
        public AuthFilterAttribute() { }
        public AuthFilterAttribute(string roles,string userType) {
            this.Roles = roles;
            this.UserType = userType;
        }
        public bool Allowanonymous { get; set; }
        public string Roles { get; set; }

        public string Users { get; set; }

        public string UserType { get; set; }

        public sealed override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (Allowanonymous) return;
            if (IsAuth()) return;
            UnauthorizedRequest(filterContext);
        }

        public sealed override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            base.OnActionExecuted(filterContext);
        }
        public sealed override void OnResultExecuting(ResultExecutingContext filterContext)
        {
            base.OnResultExecuting(filterContext);
        }
        public sealed override void OnResultExecuted(ResultExecutedContext filterContext)
        {
            base.OnResultExecuted(filterContext);
        }

        private bool IsAuth()
        {
            var user = LoginUser.GetUser(UserType);
            if (user != null)
            {
                return AuthorizeCore(user.UserName, user.Roles);
            }
            else
            {
                return false;
            }
        }

        private void UnauthorizedRequest(ActionExecutingContext filterContext)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
                UnauthorizedAjaxRequest(filterContext);
            else
                UnauthorizedGenericRequest(filterContext);
        }

        protected virtual bool AuthorizeCore(string userName, string userRoles)
        {
            var separator = new char[] { ',' };
            var options = StringSplitOptions.RemoveEmptyEntries;
            if (!string.IsNullOrWhiteSpace(Users))
            {
                return Users.Split(separator, options).Contains(userName);
            }
            if (!string.IsNullOrWhiteSpace(Roles))
            {
                var allowRoles = Roles.Split(separator, options);
                var hasRoles = userRoles.Split(separator, options);
                foreach (var role in hasRoles)
                {
                    if (allowRoles.Contains(role))
                    {
                        return true;
                    }
                }
                return false;
            }
            return true;
        }

        protected virtual void UnauthorizedGenericRequest(ActionExecutingContext filterContext)
        {
            //根据Roles、Users、UserType信息分别跳转
            filterContext.Result = new RedirectResult("/Account/login?returnurl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
        }
        protected virtual void UnauthorizedAjaxRequest(ActionExecutingContext filterContext)
        {
            var acceptTypes = filterContext.HttpContext.Request.AcceptTypes;
            if (acceptTypes.Contains("*/*") || acceptTypes.Contains("application/json"))
            {
                filterContext.Result = , msg = "nologin" }, JsonRequestBehavior = JsonRequestBehavior.AllowGet };
            }
            else
            {
                filterContext.Result = new ContentResult { Content = "nologin" };
            }

        }

    }
}

asp.net MVC 通用登录验证模块的更多相关文章

  1. ASP.NET MVC通用权限管理系统(响应布局)源码更新介绍

    一.asp.net mvc 通用权限管理系统(响应布局)源码主要以下特点: AngelRM(Asp.net MVC)是基于asp.net(C#)MVC+前端bootstrap+ztree+lodash ...

  2. ASP.NET MVC 用户登录Login

    ASP.NET MVC 用户登录Login一.先来看个框架例子:(这个是网上收集到的)  第一步:创建一个类库ClassLibrary831.            第二步:编写一个类实现IHttpM ...

  3. asp.net MVC通用分页组件 使用方便 通用性强

    asp.net MVC通用分页组件 使用方便 通用性强   该分页控件的显示逻辑: 1 当前页面反色突出显示,链接不可点击 2 第一页时首页链接不可点击 3 最后一页时尾页链接不可点击 4 当前页面左 ...

  4. ASP.NET MVC使用AuthenticationAttribute验证登录

    首先,添加一个类AuthenticationAttribute,该类继承AuthorizeAttribute,如下: using System.Web; using System.Web.Mvc; n ...

  5. asp.net MVC通用权限管理系统-响应式布局-源码

    一.Angel工作室简单通用权限系统简介 AngelRM(Asp.net MVC Web api)是基于asp.net(C#)MVC+前端bootstrap+ztree+lodash+jquery技术 ...

  6. Asp.Net Mvc通用后台管理系统,bootstrap+easyui+权限管理+ORM

    产品清单: 1.整站源码,非编译版,方便进行业务的二次开发 2.通用模块与用户等基础数据的数据库脚本 3.bootstrap3.3.1 AceAdmin模板源码 4.easyui1.3.5源码 5.F ...

  7. 【MVC】ASP.NET MVC之数据验证

    前端传到后端数据的不可信任性,DRY("Don't Repeat Yourself") 设计原则.MVC3.0出了后端数据验证特性,鼓励你只定义一次功能或行为,然后在应用程序中各处 ...

  8. ASP.NET MVC Cookie 身份验证

    1 创建一个ASP.NET MVC 项目 添加一个 AccountController 类. public class AccountController : Controller { [HttpGe ...

  9. ASP.NET MVC的客户端验证:jQuery验证在Model验证中的实现

    在简单了解了Unobtrusive JavaScript形式的验证在jQuery中的编程方式之后,我们来介绍ASP.NET MVC是如何利用它实现客户端验证的.服务端验证最终实现在相应的ModelVa ...

随机推荐

  1. JQ中的方法、事件及动画

    css( ) 除了可以为元素添加样式外,还可用来查询元素,某样式值alert($('.cls1').css('width')); //100px(返回带单位的值)注意:原生CSS样式中有-的去掉并且将 ...

  2. 基本排序算法——插入排序java实现

    插入排序过程: 在初始状态下,第一个元素是排序的,在最终状态下,作为一组数据时排序的. 代码如下;eclipse4.3实现 package sort.basic; import java.util.A ...

  3. 参加了iDOF2016会议,发表演讲“油田SOA与云平台的系统思考与实践”

    PPT的全部抓图,扫描二维码直接到微信里去看吧:

  4. Linux文件和目录权限详细讲解

    转载请标明出处: http://www.cnblogs.com/why168888/p/5965180.html 本文出自:[Edwin博客园] Linux文件和目录权限解读 如何设置Linxu文件和 ...

  5. 【代码笔记】iOS-推荐收听,左右两个tableView

    一,效果图. 二,工程图. 三,代码. RootViewController.h #import <UIKit/UIKit.h> @interface RootViewController ...

  6. rails中的session

    学rails toturial的时候,第八章一直觉得有点没吃透,后来看了两篇rails关于session和cookies源码分析的文章,cookie原理与实现(rails篇) 和session原理与实 ...

  7. TeamCity实战(1):准备工作

    环境: Windows Server 2008 R2 SP1(不会再有SP2,参考这里:http://www.techspot.com/news/50599-microsoft-wont-releas ...

  8. 谈谈yii2-GridView如何实现列表页直接修改数据

    作者:白狼 出处:http://www.manks.top/yii2_gridview_advanced.html 本文版权归作者,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原 ...

  9. C#.NET万能数据库访问封装类(ACCESS、SQLServer、Oracle)

    using System; using System.Collections; using System.Collections.Specialized; using System.Data; usi ...

  10. C#中Split用法

    1.用字符串分隔:  using System.Text.RegularExpressions; string str="aaajsbbbjsccc"; string[] sArr ...