.NetCore使用过滤器实现登录权限认证的方法小结

/// 
 /// 自定义行为过滤器，实现登录及权限的验证 /// 
 public class SystemAuthorizeFilter : IActionFilter { public void OnActionExecuted(ActionExecutedContext context) { //throw new NotImplementedException(); } /// 
 /// 在执行控制器中的Action方法之前执行该方法  判断当前用户是否登录 /// 
 ///  public void OnActionExecuting(ActionExecutingContext context) {　　　　　　　 //排除可以匿名访问的  未登录时 if (HasAllow(context) == false && context.HttpContext.Session.GetString("User") == null) { bool isAjax = IsAjax(context.HttpContext.Request); //如果是Ajax请求自定义返回json if (isAjax) { context.Result = new JsonResult(new { Code = 401, Msg = "登录已失效，请重新登录2！" }) { StatusCode=StatusCodes.Status401Unauthorized }; } else { ContentResult Content = new ContentResult(); Content.Content = ""; Content.ContentType = "text/html;charset=utf-8"; context.Result = Content; } } } /// 
 /// 排除掉控制器不需要鉴权  即加[AllowAnonymous]特性的无需鉴权 /// 
 ///  ///  public static bool HasAllow(ActionExecutingContext context) { var filters = context.Filters; if (filters.OfType().Any()) { return true; } var endpoint = context.HttpContext.GetEndpoint(); return endpoint?.Metadata?.GetMetadata() != null; } /// 
 /// 判断是否是Ajax请求 /// 
 ///  ///  public static bool IsAjax(HttpRequest req) { bool result = false; var xreq = req.Headers.ContainsKey("x-requested-with"); if (xreq) { result = req.Headers["x-requested-with"] == "XMLHttpRequest"; } return result; } }

//配置系统过滤器 services.AddControllersWithViews().AddMvcOptions(options => { //自定义行为过滤器的方式，验证是否登录及用户权限 options.Filters.Add(); }).AddNewtonsoftJson(options=> { //全局日期格式化 options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss"; //返回的Json大小写原样输出 options.SerializerSettings.ContractResolver = new DefaultContractResolver(); });

$.ajax({ type: "POST", data: "", async: false, dataType: "json", url: "", beforeSend: function () { }, success: function (data) { if (data.Code != null && data.Code != "undefined" && data.Code == 401) {　　　　　　　　　　　　alert('登录已失效，请重新登录！'); top.location.href='/Login/Login';　　　　　　　　　 }                 console.log(data);             },             complete: function () { },             error: function (data) { }         });

/// 
 /// 自定义身份验证过滤器，实现登录及权限的验证 /// 
 public class CustomAuthorizeFilter : IAuthorizationFilter { public void OnAuthorization(AuthorizationFilterContext context) { //如果需要授权 但未登录 if (HasAllowAnonymous(context) == false && context.HttpContext.Session.GetString("User") == null) { bool isAjax = IsAjax(context.HttpContext.Request); //如果是Ajax请求自定义返回json if (isAjax) { context.Result = new JsonResult(new { Code = 401, Msg = "登录已失效，请重新登录2！" }) { StatusCode = StatusCodes.Status401Unauthorized }; } else { ContentResult Content = new ContentResult(); Content.Content = ""; Content.ContentType = "text/html;charset=utf-8"; context.Result = Content; } } } /// 
 /// 排除掉控制器不需要鉴权的 /// 
 ///  ///  private static bool HasAllowAnonymous(AuthorizationFilterContext context) { var filters = context.Filters; if (filters.OfType().Any()) { return true; } var endpoint = context.HttpContext.GetEndpoint(); return endpoint?.Metadata?.GetMetadata() != null; } /// 
 /// 判断是否是Ajax请求 /// 
 ///  ///  public static bool IsAjax(HttpRequest req) { bool result = false; var xreq = req.Headers.ContainsKey("x-requested-with"); if (xreq) { result = req.Headers["x-requested-with"] == "XMLHttpRequest"; } return result; } }

/// 
 /// 在执行控制器中的Action方法之前执行该方法  判断当前用户是否登录 /// 
 ///  public override void OnActionExecuting(ActionExecutingContext context) { if (context.HttpContext.Session.GetString("User")==null) { //context.Result = Redirect("/Login/Login"); ContentResult Content = new ContentResult(); Content.Content= ""; Content.ContentType = "text/html;charset=utf-8"; context.Result = Content; return; } }