Source code on GitHub: https://github.com/ZhaoRd/Zrd_0001_AuthorityManagement
The hard part of permission verification is making sure every case is covered: miss a single check and the verification is incomplete.
This section describes the verification principle and the flow used in this demo.
As stated in the previous chapter, verification hangs off MVC controllers and actions, with the information it needs collected from attributes.
In MVC, add a class that implements the IAuthorizationFilter interface and implement its OnAuthorization method; all permission checks are done inside that one method. Register the implementation in the FilterConfig class. The code follows.
The filter inspects four attributes, in this order: AllowAnonymousAttribute (is the action open to anonymous callers?), SystemModelAttribute (does the controller belong to a system module at all?), NeedLoginedAttribute (must the caller be logged in?), and PermissionSettingAttribute (does the action require a specific permission?). Each check either lets the request through immediately or hands over to the next one, so the order matters: an action is only ever permission-checked when it sits on a [SystemModel] controller and is not marked [AllowAnonymous].
1. Anonymous access
```csharp
namespace AuthorityManagement.Web.Filters
{
    using System;
    using System.Text;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Security;
    using Presentation.Attributes;
    using Presentations;
    using Presentations.Attributes;
    using Skymate;
    using Skymate.Engines;

    /// <summary>
    /// Global authorization filter. Every request passes through OnAuthorization,
    /// which decides from the controller/action attributes which checks apply.
    /// </summary>
    public class MyAuthorizationFilter : IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            var actionDescriptor = filterContext.ActionDescriptor;
            var controllerDescriptor = actionDescriptor.ControllerDescriptor;

            // [AllowAnonymous] on the action: green light, no further checks.
            // This is an MVC filter, so it must look for System.Web.Mvc.AllowAnonymousAttribute;
            // the original aliased the Web API attribute (System.Web.Http), which MVC actions never carry.
            var isAllowAnonymous = actionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), false);
            if (isAllowAnonymous)
            {
                return;
            }

            // Controllers not marked [SystemModel] are outside the permission system: let through.
            var isSystemModel = controllerDescriptor.IsDefined(typeof(SystemModelAttribute), false);
            if (!isSystemModel)
            {
                return;
            }

            var isNeedLogined = actionDescriptor.IsDefined(typeof(NeedLoginedAttribute), false)
                                || controllerDescriptor.IsDefined(typeof(NeedLoginedAttribute), false);
            var isSetPermission = actionDescriptor.IsDefined(typeof(PermissionSettingAttribute), false);

            // A permission check needs a user id, so [PermissionSetting] implies a login requirement.
            // The original only read the cookie when [NeedLogined] was present; an action marked
            // [PermissionSetting] alone reached Guid.Parse(string.Empty) and threw instead of denying.
            if (!isNeedLogined && !isSetPermission)
            {
                return;
            }

            var userId = ReadUserIdFromAuthCookie(filterContext.HttpContext.Request);
            if (userId == null)
            {
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }

            // Logged in and no specific permission required: let through.
            if (!isSetPermission)
            {
                return;
            }

            var systemModelAttribute = (SystemModelAttribute)controllerDescriptor
                .GetCustomAttributes(typeof(SystemModelAttribute), false)[0];
            var permissionSetting = (PermissionSettingAttribute)actionDescriptor
                .GetCustomAttributes(typeof(PermissionSettingAttribute), false)[0];

            // The group defaults to the MVC area of the current route when the attribute names none.
            var areaToken = filterContext.RequestContext.RouteData.DataTokens["area"];
            var areaName = areaToken == null ? string.Empty : areaToken.ToString();
            var groupName = systemModelAttribute.GroupName ?? areaName;

            var permissionService = EngineContext.Current.Resolve<IPermissionService>();
            var isAllowed = permissionService.VerifyAuthority(new VerifyAuthorityInputDto
            {
                LoginUserId = userId.Value,
                GroupName = groupName,
                PermissionValue = permissionSetting.PermissionValue,
                SystemModelName = systemModelAttribute.Name
            });
            if (isAllowed)
            {
                return;
            }

            // Denied: JSON error for AJAX callers, redirect to the 401 page otherwise.
            // Setting filterContext.Result short-circuits the action through the normal MVC
            // pipeline; the original called Response.Redirect, which aborts the request thread.
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                filterContext.Result = new JsonResult
                {
                    Data = OperationResult.Error("No permission for this operation"),
                    ContentEncoding = Encoding.UTF8,
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }

            filterContext.Result = new RedirectResult("~/401.html");
        }

        /// <summary>
        /// Returns the user id stored in the forms-auth ticket's UserData, or null when there is
        /// no cookie, the ticket fails to decrypt (malformed or tampered), has expired, or carries no id.
        /// </summary>
        private static Guid? ReadUserIdFromAuthCookie(HttpRequestBase request)
        {
            var authCookie = request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                return null;
            }

            FormsAuthenticationTicket authTicket;
            try
            {
                authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            }
            catch (Exception)
            {
                // Decrypt throws on a cookie that is not a valid, MAC-checked ticket; treat as not logged in.
                return null;
            }

            if (authTicket == null || authTicket.Expired)
            {
                return null;
            }

            Guid userId;
            return Guid.TryParse(authTicket.UserData, out userId) ? userId : (Guid?)null;
        }
    }
}
```
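To show how the filter is wired up and what each attribute combination yields, here is an added example; it is not code from this page or from the ZhaoRd repository. It contains the FilterConfig registration the text mentions but does not show, minimal stand-in definitions of the three attributes with only the members the filter reads (Name, GroupName, PermissionValue; the constructors and attribute targets are assumptions, the project's real definitions may differ), and a controller whose actions exercise each branch of OnAuthorization.

```csharp
using System;
using System.Web.Mvc;

namespace AuthorityManagement.Web
{
    // Registration step from the text: the filter is global, so every controller and
    // action of the site goes through MyAuthorizationFilter.OnAuthorization.
    public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new Filters.MyAuthorizationFilter());
            filters.Add(new HandleErrorAttribute());
        }
    }
}

namespace Presentations.Attributes
{
    // Hypothetical minimal definitions: just the members the filter reads.
    [AttributeUsage(AttributeTargets.Class, Inherited = false)]
    public sealed class SystemModelAttribute : Attribute
    {
        public SystemModelAttribute(string name) { Name = name; }
        public string Name { get; private set; }
        public string GroupName { get; set; }   // null => filter falls back to the route's area
    }

    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false)]
    public sealed class NeedLoginedAttribute : Attribute { }

    [AttributeUsage(AttributeTargets.Method, Inherited = false)]
    public sealed class PermissionSettingAttribute : Attribute
    {
        public PermissionSettingAttribute(string permissionValue) { PermissionValue = permissionValue; }
        public string PermissionValue { get; private set; }
    }
}

namespace AuthorityManagement.Web.Areas.Admin.Controllers
{
    using Presentations.Attributes;

    // [SystemModel] puts the whole controller under the permission system. GroupName is omitted,
    // so the filter uses the route's area token ("Admin") as the group name.
    [SystemModel("User")]
    [NeedLogined]
    public class UserController : Controller
    {
        // [AllowAnonymous] wins over everything else: no cookie read, no permission lookup.
        [AllowAnonymous]
        public ActionResult Login()
        {
            return View();
        }

        // Controller-level [NeedLogined] applies: a valid, unexpired forms-auth ticket is required,
        // but no specific permission is looked up.
        public ActionResult Index()
        {
            return View();
        }

        // Login required AND VerifyAuthority(LoginUserId, GroupName "Admin",
        // PermissionValue "User.Delete", SystemModelName "User") must return true.
        // Called via AJAX it gets the JSON error on denial, otherwise the redirect to ~/401.html.
        [HttpPost]
        [PermissionSetting("User.Delete")]
        public ActionResult Delete(Guid id)
        {
            return Json(new { ok = true, id = id });
        }
    }

    // No [SystemModel]: the filter returns before any login or permission check, even though
    // the action is marked [NeedLogined]. This is exactly the kind of missed case the text warns about.
    public class HelpController : Controller
    {
        [NeedLogined]   // has no effect on this controller
        public ActionResult Index()
        {
            return View();
        }
    }
}
```

The practical check to run against a filter like this is a table of attribute combinations against expected outcomes: anonymous, not a system module, system module with login only, system module with permission, and (the silent one) login or permission attributes on a controller that lacks [SystemModel].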
Author contact: QQ 351157970