[转载]Asp.Net MVC 权限控制(一):使用 Authorize Roles 简单实现 – Jetlian – 博客园

来源: [转载]Asp.Net MVC 权限控制(一):使用 Authorize Roles 简单实现 - Jetlian - 博客园

最近由于项目的需要对权限控制做了几个Demo,贴出来供大家拍砖!

 

首先创建一个 BaseController ,让所有的Controller继承自BaseController 。

[code]

/// <summary>
/// Common base for every controller in the demo. The class-level [Authorize] means each action
/// of a derived controller requires an authenticated user unless the action or its controller
/// opts out with [AllowAnonymous] (as AccountController does for the login pages).
/// </summary>
[Authorize]
public class BaseController : Controller
{
}
[/code]

系统登录需要一个 AccountController ,继承自BaseController ,并添加匿名访问标记 AllowAnonymous。

AccountController 实现系统的登录功能,并将用户信息保存到Cookie中。

[code]

    [AllowAnonymous]
    public class AccountController : BaseController
    {
        public ActionResult Index()
        {
            return View();
        }
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            string roles = "";
            var userName = model.UserName;
            if (userName == "admin")
            {
                roles = "Admin";
            }
            else if (userName == "ib")
            {
                roles = "IBusiness";
            }
            else if(userName == "ia")
            {
                roles = "IApproval";
            }
            
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
            1,
            userName,
            DateTime.Now,
            DateTime.Now.AddMinutes(20),
            false,
            roles//写入用户角色
            );
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
            System.Web.HttpCookie authCookie = new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);
            return string.IsNullOrEmpty(returnUrl) ?
                RedirectToAction("Index", "Home")
                : RedirectToLocal(returnUrl);
        }
        private ActionResult RedirectToLocal(string returnUrl)
        {
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }
    }
}
[/code]
在系统的业务Controller中添加角色验证标记。
[code]
/// <summary>
/// Business controller of the demo. The class-level attribute admits any of the three demo
/// roles; Add and Approval carry a second, narrower Authorize. Both attributes are evaluated,
/// so e.g. an Admin user passes the class-level check but is still refused on Add.
/// </summary>
[Authorize(Roles = "Admin,IBusiness,IApproval")]
public class InfrastructureController : BaseController
{
    /// <summary>Reachable by Admin, IBusiness or IApproval.</summary>
    public ActionResult Index()
    {
        return this.View();
    }

    /// <summary>Reachable only by IBusiness.</summary>
    [Authorize(Roles = "IBusiness")]
    public ActionResult Add()
    {
        return this.View();
    }

    /// <summary>Reachable only by IApproval.</summary>
    [Authorize(Roles = "IApproval")]
    public ActionResult Approval()
    {
        return this.View();
    }
}
[/code]
 最后在Global.asax中添加验证。
[code]
/// <summary>
/// Constructor: hooks the role-restoring handler into the request pipeline.
/// </summary>
/// <remarks>
/// NOTE(review): the handler is named Application_AuthenticateRequest but is subscribed to
/// AuthorizeRequest. ASP.NET also auto-wires Global.asax methods with that name to the
/// AuthenticateRequest event, so it may run at both stages — confirm which is intended.
/// </remarks>
public MvcApplication()
{
    AuthorizeRequest += Application_AuthenticateRequest;
}
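/// <summary>
/// Replaces Context.User with a GenericPrincipal that carries the roles stored in the
/// forms-authentication ticket's UserData, so [Authorize(Roles = ...)] can evaluate them.
/// </summary>
/// <remarks>
/// Runs on every request. Any problem with the cookie — missing, empty, undecryptable,
/// expired — leaves the principal untouched, i.e. the request proceeds without roles.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return;
    }

    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch
    {
        // Decrypt throws on a malformed or tampered value; such a cookie is treated as anonymous.
        return;
    }

    // Decrypt does not enforce the ticket's lifetime; an expired ticket must not grant roles.
    if (authTicket == null || authTicket.Expired)
    {
        return;
    }

    // Only attach roles to an identity that the authentication stage actually accepted.
    if (Context.User == null || !Context.User.Identity.IsAuthenticated)
    {
        return;
    }

    // UserData is "Role1,Role2" as written by AccountController.Login; an empty UserData
    // means "no roles", not a role whose name is "".
    string userData = authTicket.UserData ?? string.Empty;
    string[] roles = userData.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    Context.User = new System.Security.Principal.GenericPrincipal(Context.User.Identity, roles);
}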
[/code]

 

 

 代码下载:AuthorizationPro.zip

(注:由于dll太多,文件压缩过大,已将demo中dll包删除)