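This time, Insus.NET implements a custom Authorize attribute for login verification in ASP.NET MVC.
Before implementing it, Insus.NET modifies usp_Users_VeryLoginVerify a little so that it is easier to understand and use: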
```sql
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[usp_Users_VeryLoginVerify]
(
    @U_nbr NVARCHAR(20),
    @pwd NVARCHAR(100)
)
AS
BEGIN
    -- The same message is raised for an unknown account and for a wrong password:
    -- "Incorrect user name or password."
    DECLARE @errmsg NVARCHAR(50) = N'用户名或密码错误。'

    IF NOT EXISTS(SELECT TOP 1 1 FROM [dbo].[Users] WHERE [U_nbr] = @U_nbr)
    BEGIN
        RAISERROR(@errmsg,16,1)
        RETURN
    END

    -- Decrypt the stored password with the passphrase and compare it with the supplied one.
    SELECT [U_nbr] AS [Account] FROM [dbo].[Users]
    WHERE [U_nbr] = @U_nbr AND CONVERT(NVARCHAR(100),DECRYPTBYPASSPHRASE('insus#sec!%y',[Pwd])) = @pwd

    IF @@ROWCOUNT <= 0
    BEGIN
        RAISERROR(@errmsg,16,1)
        RETURN
    END
END
```
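OK, that covers the database side.
Next, you need to write the code in ASP.NET MVC:
Use a cookie to store the login and verification information. Write a cookie class: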
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace Insus.NET.Utilities
{
    public abstract class CookieBase
    {
        private static HttpResponse Response
        {
            get { return HttpContext.Current.Response; }
        }

        private static HttpRequest Request
        {
            get { return HttpContext.Current.Request; }
        }

        // Reads the cookie sent by the browser; writing replaces it in the response.
        public static HttpCookie Cookie
        {
            get { return Request.Cookies["cookiebase"] as HttpCookie; }
            set
            {
                if (Request.Cookies["cookiebase"] != null)
                {
                    Request.Cookies.Remove("cookiebase");
                }
                Response.Cookies.Add(value);
            }
        }

        public static HttpCookie NewCookie
        {
            get { return new HttpCookie("cookiebase"); }
        }

        // Expires the cookie in the browser by back-dating it.
        public static void RemoveCookie()
        {
            if (Cookie == null)
                Response.Cookies.Remove("cookiebase");
            else
                Response.Cookies["cookiebase"].Expires = DateTime.Now.AddDays(-1);
        }
    }
}
```
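In fact, the CookieBase.cs above is a collection class that can store multiple objects. In a real program, whatever information you want to store, you can write a class like the one below to work with it: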
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;

namespace Insus.NET.Utilities
{
    public class SecurityBase
    {
        public static bool IsAuthorized
        {
            get
            {
                // TryParse avoids an exception when the value is missing or not a boolean.
                bool authorized;
                return CookieBase.Cookie != null
                    && bool.TryParse(CookieBase.Cookie.Values["IsAuthorized"], out authorized)
                    && authorized;
            }
            set
            {
                HttpCookie httpCookie = CookieBase.Cookie == null ? CookieBase.NewCookie : CookieBase.Cookie;
                httpCookie.Values["IsAuthorized"] = value.ToString();
                CookieBase.Cookie = httpCookie;
            }
        }

        public static string UserName
        {
            get
            {
                return CookieBase.Cookie == null ? string.Empty : CookieBase.Cookie.Values["UserName"];
            }
            set
            {
                HttpCookie httpCookie = CookieBase.Cookie == null ? CookieBase.NewCookie : CookieBase.Cookie;
                httpCookie.Values["UserName"] = value;
                CookieBase.Cookie = httpCookie;
            }
        }

        public static void RemoveCooke()
        {
            CookieBase.RemoveCookie();
        }
    }
}
```
Next, we need to create a verification filter:
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Insus.NET.Utilities;
using System.Web.Routing;

namespace Insus.NET.Attributes
{
    public class SecurityAuthorizeAttribute : AuthorizeAttribute
    {
        // The request is authorized when the cookie says so.
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return SecurityBase.IsAuthorized;
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // Controller and action being requested (not used further here).
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string actionName = filterContext.ActionDescriptor.ActionName;
            base.OnAuthorization(filterContext);
        }

        // Unauthorized requests are redirected to Home/Index.
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            var routeValue = new RouteValueDictionary {
                { "Controller", "Home"},
                { "Action", "Index"}
            };
            filterContext.Result = new RedirectToRouteResult(routeValue);
        }
    }
}
```
We will apply this filter, SecurityAuthorizeAttribute.cs, in a controller later.
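The IsAuthorized and UserName values above are stored in a plain cookie, so AuthorizeCore trusts whatever value the browser sends back. As an added example (not the original author's code), one way to keep the same cookie-based design but make the cookie tamper-evident with MachineKey.Protect from System.Web.Security (.NET Framework 4.5 or later); the class name ProtectedSecurityBase, the cookie name, the purpose string and the 30-minute lifetime are assumptions:

```csharp
using System;
using System.Text;
using System.Web;
using System.Web.Security;

namespace Insus.NET.Utilities
{
    // Added example; class name, cookie name, purpose string and lifetime are assumptions.
    public static class ProtectedSecurityBase
    {
        private const string CookieName = "auth";
        private const string Purpose = "Insus.NET.Auth.v1";
        private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30);

        // Call only after usp_Users_VeryLoginVerify has accepted the credentials.
        public static void SignIn(HttpContextBase context, string userName)
        {
            // Payload: expiry ticks + user name, encrypted and MAC'd with the machine key.
            string payload = DateTime.UtcNow.Add(Lifetime).Ticks + "|" + userName;
            byte[] sealedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(payload), Purpose);

            context.Response.Cookies.Add(new HttpCookie(CookieName, HttpServerUtility.UrlTokenEncode(sealedBytes))
            {
                HttpOnly = true,   // not readable from script
                Secure = true      // sent over HTTPS only
            });
        }

        // Returns the signed-in user name, or null if the cookie is missing, altered or expired.
        public static string GetUserName(HttpContextBase context)
        {
            HttpCookie cookie = context.Request.Cookies[CookieName];
            if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
            try
            {
                byte[] sealedBytes = HttpServerUtility.UrlTokenDecode(cookie.Value);
                if (sealedBytes == null) return null;
                string[] parts = Encoding.UTF8.GetString(MachineKey.Unprotect(sealedBytes, Purpose)).Split(new[] { '|' }, 2);
                long ticks;
                if (parts.Length != 2 || !long.TryParse(parts[0], out ticks)) return null;
                return new DateTime(ticks, DateTimeKind.Utc) > DateTime.UtcNow ? parts[1] : null;
            }
            catch (System.Security.Cryptography.CryptographicException) { return null; } // integrity check failed
            catch (FormatException) { return null; }                                    // not valid base64url
        }
    }
}
```

With this in place, AuthorizeCore can return `ProtectedSecurityBase.GetUserName(httpContext) != null` instead of reading a client-supplied IsAuthorized value.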
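Next you need to write the controllers. But wait, we seem to be missing a few pieces, such as the model and the entity:
With the models written, we still need an entity, the object that connects to the data:
To demonstrate login verification in ASP.NET MVC, at least two controllers are needed. One is for anonymous users and contains ordinary pages and some basic operations. The other controller serves pages that can only be accessed after verification succeeds.
The other controller:
Finally, create the views: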
```cshtml
@{
    Layout = null;
}

Index

#logincontact label {
    display: inline-block;
    width: 100px;
    text-align: right;
}

#logincontact_submit {
    padding-left: 100px;
}

#logincontact div {
    margin-top: 1em;
}

.error {
    display: none;
    margin-left: 10px;
}

.error_show {
    color: red;
    margin-left: 10px;
}

input.invalid {
    border: 2px solid red;
}

input.valid {
    border: 2px solid green;
}
```
And one more:
```cshtml
@{
    Layout = null;
}

Index

Hi @ViewBag.UserName
```
That's it. Here is a live demo:



