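Main purpose of this authorization class

To make permission configuration more flexible: page access control, and the redirect used when access is denied, can be driven dynamically from SQL, JSON, or XML.

Usage steps

1. Create a global filter

    // Authorization filter
    public class AuthorizeFilter : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
        }
    }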

  

2. Register the global filter in Global with GlobalFilters.Filters.Add(new AuthorizeFilter()); so that requests pass through it

    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        GlobalConfiguration.Configure(WebApiConfig.Register);
        GlobalFilters.Filters.Add(new AuthorizeFilter());
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);
    }

  

3. Call SystemAuthorizeService.Start in the filter

(1) Authorization check using objects


    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        List<SystemAuthorizeModel> smList = new List<SystemAuthorizeModel>()
        {
            // Users 1, 2 and 3 have access to everything in area "admin"
            new SystemAuthorizeModel() { SystemAuthorizeType = SystemAuthorizeType.Area, AreaName = "admin", UserKeyArray = new dynamic[] { 1, 2, 3 /* authorized users */ } },
            // Users 8 and 7 have access to everything in controller "center" of area "admin"
            new SystemAuthorizeModel() { SystemAuthorizeType = SystemAuthorizeType.Controller, AreaName = "admin", ControllerName = "center", UserKeyArray = new dynamic[] { 8, 7 /* authorized users */ } },
            // User 1 may access requests with area null, controller "home", action "about"
            new SystemAuthorizeModel() { SystemAuthorizeType = SystemAuthorizeType.Action, ControllerName = "home", ActionName = "about", UserKeyArray = new dynamic[] { 1 } },
            // Users 100 and 110 have access to all pages
            new SystemAuthorizeModel() { SystemAuthorizeType = SystemAuthorizeType.All, UserKeyArray = new dynamic[] { 100, 110 } }
        };

        SystemAuthorizeErrorRedirect sr = new SystemAuthorizeErrorRedirect();
        sr.DefaultUrl = "/user/login"; // every denied request is redirected to DefaultUrl
        // sr.ItemList = xx  sets more detailed redirects

        SystemAuthorizeService.Start(filterContext, smList, sr, () =>
        {
            // Get the user ID
            return 1; // hard-coded to 1 for this demo; it could just as well come from the session, cookies, etc.
        });
    }

  


(2) Authorization check using JSON converted to objects

    [
        {
            "SystemAuthorizeType": 1,
            "AreaName": "admin",
            "ControllerName": "center",
            "ActionName": null,
            "UserKeyArray": [
                1,
                2,
                3
            ]
        },
        {
            "SystemAuthorizeType": 1,
            "AreaName": "admin",
            "ControllerName": "center",
            "ActionName": null,
            "UserKeyArray": [
                8,
                7
            ]
        },
        {
            "SystemAuthorizeType": 3,
            "AreaName": null,
            "ControllerName": "home",
            "ActionName": "about",
            "UserKeyArray": [
                1
            ]
        },
        {
            "SystemAuthorizeType": 0,
            "AreaName": null,
            "ControllerName": null,
            "ActionName": null,
            "UserKeyArray": [
                100,
                110
            ]
        }
    ]
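
One way to load rules like the JSON above and hand them to SystemAuthorizeService.Start, as an added example that is not part of the original post. The class name JsonAuthorizeFilter, the file path, the session key and the use of Json.NET (Newtonsoft.Json) are assumptions, and it assumes Start accepts rules whose AreaName, ControllerName or ActionName is null, as the JSON above contains.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Web.Mvc;
using Idea.Models.Filters;
using Newtonsoft.Json;

public class JsonAuthorizeFilter : AuthorizeAttribute
{
    // Hypothetical rule file location and session key; neither is defined by the page.
    private const string RulePath = "~/App_Data/authorize.json";
    private const string UserSessionKey = "UserId";

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;

        // Read on every request so rule edits apply immediately. A missing or
        // malformed file throws, so the request fails instead of running unchecked.
        string json = File.ReadAllText(http.Server.MapPath(RulePath));
        var rules = JsonConvert.DeserializeObject<List<SystemAuthorizeModel>>(json)
                    ?? new List<SystemAuthorizeModel>();

        foreach (var rule in rules)
        {
            // Json.NET turns JSON integers inside a dynamic[] into boxed Int64 values,
            // and a boxed Int64 never equals a boxed Int32 user ID. Comparing
            // invariant strings on both sides avoids that silent mismatch.
            rule.UserKeyArray = (rule.UserKeyArray ?? new dynamic[0])
                .Select(k => Convert.ToString((object)k, CultureInfo.InvariantCulture))
                .Where(s => !string.IsNullOrEmpty(s))
                .Cast<dynamic>()
                .ToArray();
        }

        var redirect = new SystemAuthorizeErrorRedirect { DefaultUrl = "/user/login" };

        SystemAuthorizeService.Start(filterContext, rules, redirect, () =>
        {
            // An anonymous visitor yields "", which matches no rule entry because
            // empty keys were dropped above.
            object id = http.Session == null ? null : http.Session[UserSessionKey];
            return Convert.ToString(id, CultureInfo.InvariantCulture) ?? string.Empty;
        });
    }
}
```

Routes that no rule covers are not validated by Start, so the login page itself must stay outside every rule to avoid a redirect loop.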


SystemAuthorizeService code:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Linq.Expressions;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Routing;

    namespace Idea.Models.Filters
    {
        /// <summary>
        /// System authorization service
        /// Author: sunkaixuan
        /// Date: 2015-10-25
        /// </summary>
        public class SystemAuthorizeService
        {
            /// <summary>
            /// Start system authorization
            /// </summary>
            /// <param name="filterContext"></param>
            /// <param name="systemAuthorizeList">All authorization entries</param>
            /// <param name="errorRediect">Redirect target when access is denied</param>
            /// <param name="GetCurrentUserKey">Returns the current user's ID</param>
            public static void Start(AuthorizationContext filterContext, List<SystemAuthorizeModel> systemAuthorizeList, SystemAuthorizeErrorRedirect errorRediect, Func<object> GetCurrentUserKey)
            {
                if (errorRediect == null)
                {
                    throw new ArgumentNullException("SystemAuthorizeService.Start.errorRediect");
                }
                if (systemAuthorizeList == null)
                {
                    throw new ArgumentNullException("SystemAuthorizeService.Start.systemAuthorizeList");
                }

                // Lower-case everything; a rule may leave any of these names null
                foreach (var it in systemAuthorizeList)
                {
                    it.ControllerName = it.ControllerName?.ToLower();
                    it.ActionName = it.ActionName?.ToLower();
                    it.AreaName = it.AreaName?.ToLower();
                }

                // Declare variables
                var context = filterContext.HttpContext;
                var request = context.Request;
                var response = context.Response;
                string actionName = filterContext.ActionDescriptor.ActionName.ToLower();
                string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower();
                string areaName = null;
                bool isArea = filterContext.RouteData.DataTokens["area"] != null;

                // Assign variables
                if (isArea)
                    areaName = filterContext.RouteData.DataTokens["area"].ToString().ToLower();

                #region Helper functions
                Action<string, string, string> Redirect = (action, controller, area) =>
                {
                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = controller, action = action, area = area }));
                };
                Action<string> RedirectUrl = url =>
                {
                    filterContext.Result = new RedirectResult(url);
                };
                #endregion

                // Each redirect lookup matches redirect items of its own level
                Func<SystemAuthorizeErrorRedirectItemList, bool> redirectActionExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName && it.Controller == controllerName && it.Action == actionName;
                Func<SystemAuthorizeErrorRedirectItemList, bool> redirectControllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.Area == areaName && it.Controller == controllerName;
                Func<SystemAuthorizeErrorRedirectItemList, bool> redirectAreaExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Area && it.Area == areaName;

                Func<SystemAuthorizeModel, bool> actionExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.AreaName == areaName && it.ControllerName == controllerName && it.ActionName == actionName;
                Func<SystemAuthorizeModel, bool> controllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.AreaName == areaName && it.ControllerName == controllerName;
                Func<SystemAuthorizeModel, bool> areaExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Area && it.AreaName == areaName;

                dynamic userId = GetCurrentUserKey();

                // Permissions held by the user at each level
                bool isAllByUuserKey = IsAllByUserKey(systemAuthorizeList, userId);
                bool isAreaByUserKey = IsAreaByUserKey(systemAuthorizeList, areaName, userId);
                bool isControllerByUserKey = IsControllerByUserKey(systemAuthorizeList, areaName, controllerName, userId);
                bool isActionByUserKey = IsActionByUserKey(systemAuthorizeList, areaName, controllerName, actionName, userId);
                // The user has permission
                var hasPower = (isAllByUuserKey || isActionByUserKey || isControllerByUserKey || isAreaByUserKey);
                // The request needs validation (a request that no rule covers is allowed through)
                var mustValidate = systemAuthorizeList.Any(actionExpression) || systemAuthorizeList.Any(controllerExpression) || systemAuthorizeList.Any(areaExpression);

                if (!hasPower && mustValidate)
                {
                    ErrorRediect(errorRediect, RedirectUrl, redirectActionExpression, redirectControllerExpression, redirectAreaExpression);
                }
            }

            private static void ErrorRediect(SystemAuthorizeErrorRedirect errorRediect, Action<string> RedirectUrl, Func<SystemAuthorizeErrorRedirectItemList, bool> actionExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> controllerExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> areaExpression)
            {
                if (errorRediect.ItemList == null)
                {
                    // Return the default error URL
                    RedirectUrl(errorRediect.DefaultUrl);
                }
                else if (errorRediect.ItemList.Any(actionExpression))
                {
                    var red = errorRediect.ItemList.Single(actionExpression);
                    RedirectUrl(red.ErrorUrl);
                }
                else if (errorRediect.ItemList.Any(controllerExpression))
                {
                    var red = errorRediect.ItemList.Single(controllerExpression);
                    RedirectUrl(red.ErrorUrl);
                }
                else if (errorRediect.ItemList.Any(areaExpression))
                {
                    var red = errorRediect.ItemList.Single(areaExpression);
                    RedirectUrl(red.ErrorUrl);
                }
                else if (errorRediect.ItemList.Any(it => it.SystemAuthorizeType == SystemAuthorizeType.All))
                {
                    var red = errorRediect.ItemList.Single(it => it.SystemAuthorizeType == SystemAuthorizeType.All);
                    RedirectUrl(red.ErrorUrl);
                }
                else
                {
                    RedirectUrl(errorRediect.DefaultUrl);
                }
            }

            private static bool IsAllByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, object userKey)
            {
                var hasAll = systemAuthorizeList.Any(it => it.SystemAuthorizeType == SystemAuthorizeType.All);
                if (hasAll)
                {
                    // Only entries of type All grant global access. Matching the user against
                    // every entry would give any user listed in any rule all permissions.
                    if (systemAuthorizeList.Any(it => it.SystemAuthorizeType == SystemAuthorizeType.All && it.UserKeyArray != null && it.UserKeyArray.Contains(userKey)))
                    {
                        return true;
                    }
                }
                return false;
            }

            private static bool IsAreaByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, object userKey)
            {
                if (systemAuthorizeList.Any(it => it.AreaName == area && it.SystemAuthorizeType == SystemAuthorizeType.Area)) // Is there an Area-level rule?
                {
                    var isContains = systemAuthorizeList.Any(it => it.AreaName == area && it.SystemAuthorizeType == SystemAuthorizeType.Area && it.UserKeyArray != null && it.UserKeyArray.Contains(userKey));
                    return isContains;
                }
                return false;
            }

            private static bool IsControllerByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, object userKey)
            {
                if (systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.SystemAuthorizeType == SystemAuthorizeType.Controller)) // Is there a Controller-level rule?
                {
                    var isContains = systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.UserKeyArray != null && it.UserKeyArray.Contains(userKey));
                    return isContains;
                }
                return false;
            }

            private static bool IsActionByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, string action, object userKey)
            {
                if (systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.ActionName == action && it.SystemAuthorizeType == SystemAuthorizeType.Action)) // Is there an Action-level rule?
                {
                    // Compare array elements: UserKeyArray.ToString() is only the array's type name
                    // and never contains the user key.
                    return systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.ActionName == action && it.SystemAuthorizeType == SystemAuthorizeType.Action && it.UserKeyArray != null && it.UserKeyArray.Contains(userKey));
                }
                return false;
            }
        }

        /// <summary>
        /// An item that users need authorization to access
        /// </summary>
        public class SystemAuthorizeModel
        {
            /// <summary>
            /// Authorization type
            /// </summary>
            public SystemAuthorizeType SystemAuthorizeType { get; set; }
            /// <summary>
            /// Area the users are allowed to access
            /// </summary>
            public string AreaName { get; set; }
            /// <summary>
            /// Controller the users are allowed to access
            /// </summary>
            public string ControllerName { get; set; }
            /// <summary>
            /// Action the users are allowed to access
            /// </summary>
            public string ActionName { get; set; }
            /// <summary>
            /// User IDs
            /// </summary>
            public dynamic[] UserKeyArray { get; set; }
        }

        /// <summary>
        /// Redirect target when access is denied
        /// </summary>
        public class SystemAuthorizeErrorRedirect
        {
            /// <summary>
            /// Default URL
            /// </summary>
            public string DefaultUrl { get; set; }

            public List<SystemAuthorizeErrorRedirectItemList> ItemList { get; set; }
        }

        public class SystemAuthorizeErrorRedirectItemList
        {
            /// <summary>
            /// Authorization type
            /// </summary>
            public SystemAuthorizeType SystemAuthorizeType { get; set; }
            public string Controller { get; set; }
            public string Action { get; set; }
            public string Area { get; set; }

            public string ErrorUrl { get; set; }
        }

        /// <summary>
        /// Authorization type
        /// </summary>
        public enum SystemAuthorizeType
        {
            /// <summary>
            /// All permissions
            /// </summary>
            All = 0,
            /// <summary>
            /// Validate the Area
            /// </summary>
            Area = 1,
            /// <summary>
            /// Validate the Area and Controller
            /// </summary>
            Controller = 2,
            /// <summary>
            /// Validate the Area, Controller and Action
            /// </summary>
            Action = 3,
            /// <summary>
            /// No permission
            /// </summary>
            No = 4
        }
    }

  
