ASP.NET MVC備忘

身份驗證

方式一

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace ZSZ.AdminWeb.App_Start
{
    /// <summary>
    /// Declarative marker naming a permission that an action method requires.
    /// </summary>
    /// <remarks>
    /// The attribute only carries the permission name; it contains no enforcement
    /// logic of its own. An authorization filter (ZSZAuthorizeFilter in this project)
    /// has to read it and perform the check, so the marker protects nothing unless
    /// that filter actually runs for the request.
    /// It targets methods only, so it cannot be placed on a controller class:
    /// every action that needs protection must be annotated individually.
    /// AllowMultiple lets one action declare several required permissions.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Method, AllowMultiple = true)]
    public class CheckPermissionAttribute : Attribute
    {
        /// <summary>
        /// Creates the marker for the given permission name.
        /// </summary>
        /// <param name="permission">Name of the permission the action requires.</param>
        public CheckPermissionAttribute(string permission)
        {
            Permission = permission;
        }

        /// <summary>
        /// Name of the permission the annotated action requires.
        /// </summary>
        public string Permission { get; set; }
    }
}
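using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using ZSZ.CommonMVC;
using ZSZ.IService;

namespace ZSZ.AdminWeb.App_Start
{
    /// <summary>
    /// Authorization filter that enforces the <see cref="CheckPermissionAttribute"/>
    /// markers declared on the action being executed.
    /// </summary>
    /// <remarks>
    /// The model is opt-in: an action with no <see cref="CheckPermissionAttribute"/>
    /// is let through without any check, not even a login check. A new action that
    /// forgets the attribute is therefore reachable by anyone; review action lists
    /// with that in mind.
    /// </remarks>
    public class ZSZAuthorizeFilter : IAuthorizationFilter
    {
        /// <summary>
        /// Checks login state and every declared permission; on failure sets
        /// <c>filterContext.Result</c>, which prevents the action from running.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The permission service cannot be resolved; the request is refused rather than allowed.
        /// </exception>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            // Collect the CheckPermissionAttribute instances declared on the target action.
            // OfType is used instead of casting the array: GetCustomAttributes is typed as
            // object[], and a descriptor that really returns object[] would make the cast throw.
            // NOTE(review): inherit is false, so markers declared on a base-class action are
            // presumably not seen for an override; confirm overrides re-declare them.
            CheckPermissionAttribute[] permAtts = filterContext.ActionDescriptor
                .GetCustomAttributes(typeof(CheckPermissionAttribute), false)
                .OfType<CheckPermissionAttribute>()
                .ToArray();

            if (permAtts.Length <= 0)
            {
                // Nothing declared: the action (login page and similar) needs no logged-in user.
                return;
            }

            long? userId = ReadLoginUserId(filterContext.HttpContext);
            if (userId == null)
            {
                // Not logged in: a protected action must not run.
                filterContext.Result = BuildLoginRequiredResult(filterContext.HttpContext.Request);
                return;
            }

            // This filter is not created by Autofac, so property injection does not happen;
            // the service has to be fetched from the resolver by hand.
            IAdminUserService userService = DependencyResolver.Current.GetService<IAdminUserService>();
            if (userService == null)
            {
                // Fail closed with a clear message instead of a NullReferenceException below.
                throw new InvalidOperationException(
                    "IAdminUserService could not be resolved; refusing to authorize the request.");
            }

            foreach (CheckPermissionAttribute permAtt in permAtts)
            {
                if (!userService.HasPermission(userId.Value, permAtt.Permission))
                {
                    // The first missing permission denies the request. Setting Result inside an
                    // IAuthorizationFilter is what stops the real action from executing.
                    filterContext.Result = BuildPermissionDeniedResult(
                        filterContext.HttpContext.Request, permAtt.Permission);
                    return;
                }
            }
        }

        // Reads the logged-in user's id from the session; null means "not logged in".
        private static long? ReadLoginUserId(HttpContextBase httpContext)
        {
            HttpSessionStateBase session = httpContext.Session;
            if (session == null)
            {
                // No session available for this request: treat as anonymous.
                return null;
            }

            // "as" yields null for a missing or differently typed value, so a malformed
            // session entry ends in the login redirect instead of an InvalidCastException.
            return session["LoginUserId"] as long?;
        }

        // Builds the "please log in" response in the format the caller can consume.
        private static ActionResult BuildLoginRequiredResult(HttpRequestBase request)
        {
            // IsAjaxRequest is decided from the request itself, so it may only select
            // the response format and never the authorization outcome.
            if (request.IsAjaxRequest())
            {
                AjaxResult ajaxResult = new AjaxResult();
                ajaxResult.Status = "redirect";
                // NOTE(review): this path is application-root absolute while the non-AJAX branch
                // uses "~/"; the two differ when the site runs under a virtual directory.
                ajaxResult.Data = "/Main/Login";
                ajaxResult.ErrorMsg = "沒有登陸";
                return new JsonNetResult { Data = ajaxResult };
            }

            return new RedirectResult("~/Main/Login");
        }

        // Builds the "permission missing" response in the format the caller can consume.
        private static ActionResult BuildPermissionDeniedResult(HttpRequestBase request, string permission)
        {
            // NOTE(review): no HTTP status is set on either branch, so the denial is presumably
            // sent with the default success status, and the internal permission name is echoed
            // to the caller. Consider a 403 and a generic message if clients do not depend on
            // the current body.
            if (request.IsAjaxRequest())
            {
                AjaxResult ajaxResult = new AjaxResult();
                ajaxResult.Status = "error";
                ajaxResult.ErrorMsg = "沒有權限" + permission;
                return new JsonNetResult { Data = ajaxResult };
            }

            return new ContentResult { Content = "沒有" + permission + "這個權限" };
        }
    }
}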

方式二 BaseController

標註

ValidateAntiForgeryToken:表示用於阻止僞造請求(CSRF)的特性。它只負責在伺服器端驗證令牌,表單中必須同時輸出 @Html.AntiForgeryToken(),否則沒有令牌可供驗證。

AllowAnonymous:表示一個特性,該特性用於標記在授權期間要跳過 System.Web.Mvc.AuthorizeAttribute 的控制器和操作。它只對 AuthorizeAttribute 生效;自訂的 IAuthorizationFilter(例如上面的 ZSZAuthorizeFilter)不會因此被跳過。

Authorize:

Route:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;

namespace WebApplication1.Controllers
{
    /// <summary>
    /// Demonstrates attribute routing with several templates on one controller.
    /// </summary>
    /// <remarks>
    /// Every controller-level template is combined with every action-level template,
    /// so a single action answers on several URLs (for example both a "v2/..." and an
    /// unversioned path). Any control keyed on the request path, such as a proxy
    /// allow-list or a rate limit, has to cover each alias and not just the one the
    /// UI links to.
    /// </remarks>
    [Route("About")]
    [Route("[controller]")]
    [Route("[controller]/[action]")]
    [Route("v2/[controller]/[action]")]
    public class AboutController
    {
        /// <summary>Returns the fixed name shown for the "me" page.</summary>
        [Route("")]
        public string Me() => "Dave";

        /// <summary>Returns the fixed company text.</summary>
        [Route("company"), Route("[action]")]
        public string Company() => "No Company";
    }
}

 ModelState.AddModelError("", "驗證碼不正確。");

 <div class="float-right">@Html.ValidationSummary()</div>

 

 var nodes = treeObj.getCheckedNodes(true);

 JSON.stringify(nodes)

 // Parses the JSON text in `menus` into a list of SysMenuDTO.
 // NOTE(review): `menus` presumably carries the JSON.stringify(nodes) payload posted by
 // the browser; confirm against the caller. If so it is client-controlled: binding to the
 // concrete List<SysMenuDTO> only fixes its shape, and the entries it names still need a
 // server-side check that the current user may assign them before anything is saved.
 // Malformed input may throw and a literal "null" may yield null; handle both.
 IEnumerable<SysMenuDTO> list1 = JsonConvert.DeserializeObject<List<SysMenuDTO>>(menus);
