.Net Core 權限驗證與受權（AuthorizeFilter、ActionFilterAttribute）

在.Net Core 中使用AuthorizeFilter或者ActionFilterAttribute來實現登陸權限驗證和受權

1、AuthorizeFilter

新建受權類AllowAnonymous繼承AuthorizeFilter，IAllowAnonymousFilter

public class AllowAnonymous : AuthorizeFilter, IAllowAnonymousFilter
{

 }

 

新建攔截類繼承AuthorizeFilter

public class LoginAuthorzation : AuthorizeFilter
{

}

 

在攔截類里加入處理請求的方法

        /// <summary>
        ///  請求驗證，當前驗證部分不要拋出異常，ExceptionFilter不會處理
        /// </summary>
        /// <param name="context">請求內容信息</param>
        public override async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            if (IsHaveAllow(context.Filters))
            {
                return;
            }
 

            //解析url
            // {/ Home / Index}
            var url = context.HttpContext.Request.Path.Value;
            if (string.IsNullOrWhiteSpace(url))
            {
                return;
            }

            var list = url.Split("/");
            if (list.Length<=0||url=="/")
            {
                return;
            }
            var controllerName = list[1].ToString().Trim();
            var actionName = list[2].ToString().Trim();
 

            //驗證
            var flag=PowerIsTrue.IsHavePower(controllerName, actionName);
            if (flag.Item1!=0)
            {

                context.Result = new RedirectResult("/Home/Index");
            }
        }
 

//判斷是否不須要權限

public static bool IsHaveAllow(IList<IFilterMetadata> filers)
        {
            for (int i = 0; i < filers.Count; i++)
            {
                if (filers[i] is IAllowAnonymousFilter)
                {
                    return true;
                }
            }
            return false;

        }    

 

新建一個業務邏輯判斷的類

public static (int,string) IsHavePower(string controllerName,string actionName)
        {

            return (0,"經過");

        }

 

在Startup註冊  

 services.AddMvc(options =>
            {

                options.Filters.Add<LoginAuthorzation>(); // 添加身份驗證過濾器

            }

 

context.HttpContext.Request.Path.Value   獲取請求過來的url

 

2、ActionFilterAttribute

        建立權限判斷類繼承ActionFilterAttribute

public class ActionFilterAttributeLogin: ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)

         {
            var isDefined = false;
            var controllerActionDescriptor = filterContext.ActionDescriptor as ControllerActionDescriptor;
            if (controllerActionDescriptor != null)
            {
                isDefined = controllerActionDescriptor.MethodInfo.GetCustomAttributes(inherit: true)
                  .Any(a => a.GetType().Equals(typeof(NoPermissionRequiredAttribute)));
            }
            if (isDefined) return;
            if (string.IsNullOrWhiteSpace(filterContext.HttpContext.Request.Query["LoginInfo"].ToString()))
            {
                var item = new ContentResult();
                item.Content = "沒得權限";
               
                filterContext.Result = new RedirectResult("/Account/Login");
            }
            base.OnActionExecuting(filterContext);
        }

        public class NoPermissionRequiredAttribute : ActionFilterAttribute
        {
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
                base.OnActionExecuting(filterContext);

            }

        }
    }

 

在Startup註冊

services.AddMvc(options =>
            {
                options.Filters.Add<ActionFilterAttributeLogin>(); // 添加身份驗證過濾器 -- 菜單操做權限

            }

 

filterContext.ActionDescriptor as ControllerActionDescriptor    獲取請求進來的控制器與方法

controllerActionDescriptor.MethodInfo.GetCustomAttributes(inherit: true)

.Any(a => a.GetType().Equals(typeof(NoPermissionRequiredAttribute)))      判斷請求的控制器和方法有沒有加上NoPermissionRequiredAttribute（不須要權限）

 

string.IsNullOrWhiteSpace(filterContext.HttpContext.Request.Query["LoginInfo"].ToString())     判斷請求頭是否有標識