我要评论1.权限控制使用controller和 action来实现,权限方式有很多种,最近开发项目使用控制控制器方式实现代码如下
/// <summary>
/// 用户权限控制
/// </summary>
public class userauthorize : authorizeattribute
{
/// <summary>
/// 授权失败时呈现的视图
/// </summary>
public string authorizationfailview { get; set; }
/// <summary>
/// 请求授权时执行
/// </summary>
/// <param name="filtercontext">上下文</param>
public override void onauthorization(authorizationcontext filtercontext)
{
// 获取url请求里的 controller 和 action
string controllername = filtercontext.routedata.values["controller"].tostring();
string actionname = filtercontext.routedata.values["action"].tostring();
// 获取用户信息
userloginbaseinfo _userlogininfo = filtercontext.httpcontext.session[property.uerloginsession] as userloginbaseinfo;
//根据请求过来的controller和action去查询可以被哪些角色操作: 这是查询数据库 roleid使用 1,2,3,4格式
rolewithcontrolleraction rolewithcontrolleraction =
sampledata.rolewithcontrollerandaction.firstordefault(r => r.controllername.tolower() == controllername.tolower() && r.actionname.tolower() == actionname.tolower() && r.roleids.contails("3"));
// 有值处理
if (rolewithcontrolleraction != null)
{
//有权限操作当前控制器和action的角色id
this.roles = rolewithcontrolleraction.roleids;
}
else
{
//请求失败输出空结果
filtercontext.result = new emptyresult();
//打出提示文字
httpcontext.current.response.write("对不起,你没有权限操作!");
}
base.onauthorization(filtercontext);
}
/// <summary>
/// 自定义授权检查(返回false则授权失败)
/// </summary>
protected override bool authorizecore(httpcontextbase httpcontext)
{
//if (httpcontext.user.identity.isauthenticated)
//{
// string username = httpcontext.user.identity.name; //当前登录用户的用户名
// user user = sampledata.users.find(u => u.username == username); //当前登录用户对象
// if (user != null)
// {
// role role = sampledata.roles.find(r => r.id == user.roleid); //当前登录用户的角色
// foreach (string roleid in roles.split(','))
// {
// if (role.id.tostring() == roleid)
// return true;
// }
// return false;
// }
// else
// return false;
//}
//else
// return false; //进入handleunauthorizedrequest
return true;
}
/// <summary>
/// 处理授权失败的http请求
/// </summary>
protected override void handleunauthorizedrequest(authorizationcontext filtercontext)
{
if (string.isnullorwhitespace(authorizationfailview))
authorizationfailview = "error";
filtercontext.result = new viewresult { viewname = authorizationfailview };
}
}
二.单点登录方式使用application方式来实现
1.用户登录成功后记录当前信息
/// <summary>
/// 限制一个用户只能登陆一次
/// </summary>
/// <returns></returns>
private void getonline()
{
string userid = "1";
hashtable singleonline = (hashtable)system.web.httpcontext.current.application[property.online];
if (singleonline == null)
singleonline = new hashtable();
idictionaryenumerator ide = singleonline.getenumerator();
string strkey = string.empty;
while (ide.movenext())
{
if (ide.value != null && ide.value.tostring().equals(userid))
{
//already login
strkey = ide.key.tostring();
//当前用户已存在移除、
singleonline.remove(strkey);
system.web.httpcontext.current.application.lock();
system.web.httpcontext.current.application[property.online] = singleonline;
system.web.httpcontext.current.application.unlock();
break;
}
}
//sessionid
if (!singleonline.containskey(session.sessionid))
{
singleonline[session.sessionid] = userid;
system.web.httpcontext.current.application.lock();
system.web.httpcontext.current.application[property.online] = singleonline;
system.web.httpcontext.current.application.unlock();
}
}
2.使用actionfilter来实现单点登录,每次点击控制器都去查询过滤是否在其它地方登录
/// <summary>
/// 用户基础信息过滤器
/// </summary>
public class loginactionfilter : actionfilterattribute
{
/// <summary>
/// 初始化地址
/// </summary>
public const string url = "~/login/index?error=";
/// <summary>
/// 该方法会在action方法执行之前调用
/// </summary>
/// <param name="filtercontext">上下文</param>
public override void onactionexecuting(actionexecutingcontext filtercontext)
{
// 获取上一级url
// var url1 = filtercontext.httpcontext.request.urlreferrer;
userloginbaseinfo _userlogin = filtercontext.httpcontext.session[property.uerloginsession] as userloginbaseinfo;
// 用户是否登陆
if (_userlogin == null)
{
filtercontext.result = new redirectresult(url + "登陆时间过期,请重新登陆!&url=" + filtercontext.httpcontext.request.rawurl);
}
else
{
filtercontext.httpcontext.session.timeout = 30;
}
//判断是否在其它地方登录
hashtable singleonline = (hashtable)system.web.httpcontext.current.application[property.online];
// 判断当前sessionid是否存在
if (singleonline != null && !singleonline.containskey(httpcontext.current.session.sessionid))
filtercontext.result = new redirectresult(url + "你的帐号已在别处登陆,你被强迫下线!");
base.onactionexecuting(filtercontext);
}
/// <summary>
/// 执行后
/// </summary>
/// <param name="filtercontext"></param>
public override void onresultexecuting(resultexecutingcontext filtercontext)
{
//记录操作日志,写进操作日志中
var controllername = filtercontext.routedata.values["controller"];
var actionname = filtercontext.routedata.values["action"];
base.onresultexecuting(filtercontext);
}
3.用户正常退出或则非正常退出处理当前用户信息销毁session
/// <summary>
/// session销毁
/// </summary>
protected void session_end()
{
hashtable singleonline = (hashtable)application[property.online];
if (singleonline != null && singleonline[session.sessionid] != null)
{
singleonline.remove(session.sessionid);
application.lock();
application[property.online] = singleonline;
application.unlock();
}
session.abandon();
}
以上所述是小编给大家介绍的asp.net mvc 权限过滤和单点登录(禁止重复登录),希望对大家有所帮助
您可能感兴趣的文章:
如您对本文有疑问或者有任何想说的,请 点击进行留言回复,万千网友为您解惑!
网友评论