ASP.NET MVC 实现统一登录验证

1.先写个主页面

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace WebApplication4.Controllers
{
public class HomeController : Controller
{
public ActionResult Index()
{
string name = "";
//Session里面有值，就表示已经登录
if (Session["User"]!= null)
{
name = Session["User"].ToString();
}
//Session=null就跳转到登录页面
else
{
return RedirectToAction("Login", "Login");
}
return Content("欢迎【"+name+"】登录");
}
}
}

2.登录页面

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using WebApplication4.Filters;

namespace WebApplication4.Controllers
{
//登录页加上此特性，不需要做登录验证，要不加会陷入死循环，导致浏览器崩溃
[SkipCheckLoginAttribute]
public class LoginController : Controller
{
// GET: Login
[HttpGet]
public ActionResult Login()
{
return View();
}
[HttpPost]
public ActionResult Login(FormCollection forms)
{
string name = forms["name"];
string pwd = forms["pwd"];

if(name=="Admin" && pwd == "Admin")
{
Session["User"] = name;
}

return RedirectToAction("Index","Home");
}
}
}

View页的登录

@{
Layout = null;
}

<!DOCTYPE html>

<html>
<head>
<meta name="viewport" content="width=device-width" />
<title>Login</title>
</head>
<body>
<div>
@using (Html.BeginForm("Login", "Login", FormMethod.Post))
{
<input type="text" name="name" /><br />
<input type="text" name="pwd" /><br />
<input type="submit" value="登录" />
}
</div>
</body>
</html>

3.一个登录验证的过滤器CheckLoginAttribute

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace WebApplication4.Filters
{
using System.Web.Mvc;
/// <summary>
/// 统一登陆验证
/// </summary>
public class CheckLoginAttribute:ActionFilterAttribute
{
//重写ActionFilterAttribute中的OnActionExecuted方法，表示在执行Action之前执行此方法
public override void OnActionExecuted(ActionExecutedContext filterContext)
{
//判断Action方法的Control是否跳过登录验证
if (filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(SkipCheckLoginAttribute), false))
{
return;
}
//判断Action方法是否跳过登录验证
if (filterContext.ActionDescriptor.IsDefined(typeof(SkipCheckLoginAttribute), false))
{
return;
}
if (filterContext.HttpContext.Session["User"] == null)
{
//跳转方法1：
filterContext.HttpContext.Response.Redirect("/Login/Login");
//跳转方法2：
ViewResult view = new ViewResult();
//指定要返回的完整视图名称
view.ViewName = "~/View/Login/Login.cshtml";
}
}
}
}

4.一个跳过登录验证的自定义属性类SkipCheckLoginAttribute

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace WebApplication4.Filters
{
//要继承所有属性的基类Attribute
public class SkipCheckLoginAttribute:Attribute
{

}
}

5.把SkipCheckLoginAttribute添加到全局过滤器中

using System.Web;
using System.Web.Mvc;
using WebApplication4.Filters;

namespace WebApplication4
{
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
//添加自定义过滤器
filters.Add(new CheckLoginAttribute());
}
}
}