Source: [Repost] Asp.Net MVC Access Control (1): A Simple Implementation Using Authorize Roles – Jetlian – 博客园 (cnblogs)
Recently, because a project needed it, I put together a few demos of access control; I'm posting them here for everyone to pick apart.
First, create a BaseController and have every Controller inherit from it. Putting [Authorize] on the base class means every action in the application requires an authenticated user by default; access is opened back up only where [AllowAnonymous] is applied.
```csharp
using System.Web.Mvc;

// [Authorize] on the base class makes every derived controller's actions require an
// authenticated user by default; controllers or actions opt out with [AllowAnonymous].
[Authorize]
public class BaseController : Controller
{

}
```
Logging in requires an AccountController that inherits from BaseController and carries the [AllowAnonymous] attribute (applied at class level, it covers every action in the controller, including LogOff).
AccountController implements the login and stores the user's information in the forms-authentication cookie: the roles go into the ticket's UserData field. Note that the demo picks the role from the user name alone and never verifies a password; a real login must validate the credentials before any ticket is issued.
```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// LoginModel (UserName, Password, ...) is the login view model defined elsewhere in the project.
[AllowAnonymous]   // class-level: every action here, including LogOff, is reachable without a login
public class AccountController : BaseController
{
    public ActionResult Index()
    {
        return View();
    }

    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        // Demo only: the role is chosen from the user name and no password is checked.
        // A real implementation must validate model.Password against a credential store
        // before issuing a ticket.
        string roles = "";
        var userName = model.UserName;
        if (userName == "admin")
        {
            roles = "Admin";
        }
        else if (userName == "ib")
        {
            roles = "IBusiness";
        }
        else if (userName == "ia")
        {
            roles = "IApproval";
        }

        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
            1,                            // ticket version
            userName,                     // identity name
            DateTime.Now,                 // issue time
            DateTime.Now.AddMinutes(20),  // expiry
            false,                        // not persistent
            roles                         // UserData: comma-separated roles, read back in Global.asax
        );

        // Encrypt and MAC the ticket with the machineKey (protection="All" is the default).
        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        authCookie.HttpOnly = true;                          // keep the ticket out of reach of script
        authCookie.Secure = FormsAuthentication.RequireSSL;  // honour requireSSL from web.config
        Response.Cookies.Add(authCookie);

        return string.IsNullOrEmpty(returnUrl) ?
            RedirectToAction("Index", "Home")
            : RedirectToLocal(returnUrl);
    }

    private ActionResult RedirectToLocal(string returnUrl)
    {
        // Url.IsLocalUrl rejects absolute and protocol-relative targets, so returnUrl
        // cannot be abused as an open redirect.
        if (Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        else
        {
            return RedirectToAction("Index", "Home");
        }
    }

    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index", "Home");
    }
}
```
Add the role-check attribute to the application's business controllers. MVC evaluates every Authorize attribute that applies to an action: the class-level list admits any of the three roles to Index, while the action-level list on Add or Approval is checked in addition, so a user who is only in Admin is turned away from both of those actions.
```csharp
using System.Web.Mvc;

// Class-level: a user in any of the three roles may reach this controller ...
[Authorize(Roles = "Admin,IBusiness,IApproval")]
public class InfrastructureController : BaseController
{
    public ActionResult Index()
    {
        return View();
    }

    // ... but an action-level attribute is evaluated on top of the class-level one,
    // so Add is reachable only by a user in IBusiness (Admin alone is not enough).
    [Authorize(Roles = "IBusiness")]
    public ActionResult Add()
    {
        return View();
    }

    [Authorize(Roles = "IApproval")]
    public ActionResult Approval()
    {
        return View();
    }
}
```
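One caveat about the stock AuthorizeAttribute is worth knowing here: when an authenticated user lacks the required role, it sets a 401 result, and FormsAuthenticationModule turns a 401 into a redirect to the login page. A logged-in "ia" user who opens Add is therefore bounced to the login form instead of being told the action is not allowed. The subclass below is an added example, not code from the original post; it keeps the login redirect for anonymous users but answers 403 for an authenticated user without the role. The name RoleAuthorizeAttribute is my choice, and the controller at the bottom is the page's InfrastructureController with the attribute swapped in.

```csharp
using System.Net;
using System.Web.Mvc;

// Drop-in replacement for [Authorize]: the Roles/Users evaluation (AuthorizeCore) is inherited
// unchanged; only the handling of a failed check differs.
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Known user, missing role: 403. FormsAuthenticationModule only rewrites 401
            // responses, so this status reaches the browser as-is instead of a login redirect.
            filterContext.Result = new HttpStatusCodeResult((int)HttpStatusCode.Forbidden, "Role required");
        }
        else
        {
            // Anonymous (or expired ticket): keep the 401 so forms authentication
            // redirects to the login page as before.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Usage: the same role lists as before, with the subclass in place of [Authorize].
[RoleAuthorize(Roles = "Admin,IBusiness,IApproval")]
public class InfrastructureController : BaseController
{
    public ActionResult Index() { return View(); }

    [RoleAuthorize(Roles = "IBusiness")]
    public ActionResult Add() { return View(); }

    [RoleAuthorize(Roles = "IApproval")]
    public ActionResult Approval() { return View(); }
}
```

Because the class-level [Authorize] on BaseController is still the stock attribute, an anonymous request is handled by it first and redirected to the login page; the 403 branch only comes into play once the user has a valid ticket.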
Finally, add the authentication hook in Global.asax. FormsAuthenticationModule validates the ticket and sets Context.User to a FormsIdentity, but it ignores the ticket's UserData, so the handler below rebuilds the principal with the roles stored there. Without it, User.IsInRole always returns false and every [Authorize(Roles = ...)] check fails.
```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class MvcApplication : System.Web.HttpApplication
{
    // Application_Start and the template's route/filter registration are unchanged and omitted.
    //
    // No constructor subscription is needed: ASP.NET wires a method named
    // Application_AuthenticateRequest to the AuthenticateRequest event by name. The original
    // also subscribed it to AuthorizeRequest in the constructor, which ran the same code a
    // second time at the wrong stage.

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || authCookie.Value == "")
        {
            return;
        }
        FormsAuthenticationTicket authTicket = null;
        try
        {
            // Decrypt also verifies the MAC (protection="All"), so a tampered cookie fails here.
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch
        {
            return;
        }
        if (authTicket == null || authTicket.Expired)
        {
            return;  // invalid or expired ticket: leave the anonymous principal untouched
        }
        string[] roles = authTicket.UserData.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        // FormsAuthenticationModule has already set a FormsIdentity; attach the roles from
        // UserData only to an authenticated identity.
        if (Context.User != null && Context.User.Identity.IsAuthenticated)
        {
            Context.User = new GenericPrincipal(Context.User.Identity, roles);
        }
    }
}
```
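To see exactly which principals the attribute accepts, without running the site, the following console program (an added example, not part of the original post) builds principals the way Application_AuthenticateRequest does, from a comma-separated UserData string, and feeds them through AuthorizeAttribute.AuthorizeCore, the method that actually evaluates Roles. It needs a reference to System.Web.Mvc; the class names TestableAuthorize, FakeHttpContext and RoleMatrixCheck are mine, and the expected decisions in the table are checked at run time so a mismatch throws.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// AuthorizeCore is protected; this subclass only makes it callable from the harness.
class TestableAuthorize : AuthorizeAttribute
{
    public bool Check(HttpContextBase ctx) { return AuthorizeCore(ctx); }
}

// AuthorizeCore reads nothing but HttpContext.User, so a stub that supplies User is enough.
class FakeHttpContext : HttpContextBase
{
    private readonly IPrincipal _user;
    public FakeHttpContext(IPrincipal user) { _user = user; }
    public override IPrincipal User
    {
        get { return _user; }
        set { throw new NotSupportedException(); }
    }
}

static class RoleMatrixCheck
{
    // Same conversion as Application_AuthenticateRequest: UserData "A,B" -> roles { "A", "B" }.
    public static IPrincipal FromUserData(string name, string userData)
    {
        string[] roles = (userData ?? "").Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        return new GenericPrincipal(new GenericIdentity(name, "Forms"), roles);
    }

    // Evaluates [Authorize(Roles = roles)] against a principal.
    public static bool Allowed(string roles, IPrincipal user)
    {
        var attribute = new TestableAuthorize { Roles = roles };
        return attribute.Check(new FakeHttpContext(user));
    }

    static void Main()
    {
        IPrincipal admin = FromUserData("admin", "Admin");
        IPrincipal ib    = FromUserData("ib", "IBusiness");
        IPrincipal ia    = FromUserData("ia", "IApproval");
        // A GenericIdentity with an empty name reports IsAuthenticated == false.
        IPrincipal anon  = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        const string controllerRoles = "Admin,IBusiness,IApproval";

        // (roles on the attribute, principal, expected decision); constructed cases
        var cases = new[]
        {
            Tuple.Create(controllerRoles, admin, true),   // Index: any of the three roles
            Tuple.Create(controllerRoles, anon,  false),  // not authenticated
            Tuple.Create("IBusiness",     ib,    true),   // Add
            Tuple.Create("IBusiness",     admin, false),  // Admin is not IBusiness: Add is denied
            Tuple.Create("IApproval",     ia,    true),   // Approval
            Tuple.Create("IApproval",     ib,    false),  // wrong role
        };

        foreach (var c in cases)
        {
            bool actual = Allowed(c.Item1, c.Item2);
            Console.WriteLine("Roles=\"{0}\" user={1,-6} -> {2}", c.Item1, c.Item2.Identity.Name, actual);
            if (actual != c.Item3)
                throw new Exception("unexpected decision for Roles=" + c.Item1);
        }
    }
}
```

The fourth case is the one that surprises people: an "admin" ticket does not reach Add, because the action-level list "IBusiness" is evaluated on its own and Admin is not in it. If Admin should be able to do everything, it has to appear in every action-level list (or the user must carry several roles in UserData, e.g. "Admin,IBusiness,IApproval").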