2016-07-26 237 views
0

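Custom authentication in MVC

I have a custom authentication setup in which the user is stored as a session variable. Once they go through the Account/LogIn process, I store the user details returned from a third-party API in the session like this: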

Session["User"] = new UserViewModel(result); 

I want to check that the user exists before every controller action, so I have a BaseController that does the following check:

protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // Let the action run only when a user object is present in the session
    if (Session["User"] != null)
        base.OnActionExecuting(filterContext);
    else
        filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { action = "LogIn", controller = "Account" }));
}

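Every controller then inherits from BaseController, so that it redirects to the login page if there is no user. I don't inherit AccountController from BaseController, so that it doesn't get into an infinite loop of checking and redirecting, but I also want specific pages not to check for a login. Is there a way to do this, i.e. to write exception rules in the same way as [AllowAnonymous]?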

+0

Why not create a custom authorization attribute and apply it only to the controllers where you want this check performed? – Alex

+0

Override the authorization attribute rather than ActionFilters –

Answer

0

You can use a filter on those methods:

using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class ActionCheckAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower().Trim();
        string actionName = filterContext.ActionDescriptor.ActionName.ToLower().Trim();

        // this is just a sample.. you can implement any logic you want
        if (!actionName.StartsWith("your method name") && !controllerName.StartsWith("your controller name"))
        {
            // Identity.Name is an empty string, not null, for an unauthenticated request
            var session1 = HttpContext.Current.User.Identity.Name;
            // Redirects user to login screen if session has timed out
            if (string.IsNullOrEmpty(session1))
            {
                base.OnActionExecuting(filterContext);

                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                {
                    controller = "Account",
                    action = "LogOff"
                }));
            }
        }
    }
}

Then put the attribute on the controller:

[ActionCheck] 
public class MyController : Controller 
{ 
    public ActionResult Index() 
    { 
     return View(); 
    } 
} 

or on a specific action method:

[ActionCheck]
public ActionResult SomeMethod()
{
    return View();
}
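
The approach suggested in the comments, a custom authorization attribute that checks Session["User"] and honors the built-in [AllowAnonymous], could look like the following. This is an added example, not code from the question or the answer; it assumes ASP.NET MVC 4 or later, and the names SessionAuthorizeAttribute, HomeController and About are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical name: session-backed replacement for the BaseController check.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class SessionAuthorizeAttribute : AuthorizeAttribute
{
    // Called from AuthorizeAttribute.OnAuthorization, which has already skipped
    // any action or controller marked [AllowAnonymous].
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        // Session is null when session state is unavailable for the request;
        // treat that as "not logged in" so the check fails closed.
        return httpContext.Session != null && httpContext.Session["User"] != null;
    }

    // Same redirect the question's BaseController performs.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary(new { controller = "Account", action = "LogIn" }));
    }
}

// Register once for every controller, e.g. in FilterConfig.RegisterGlobalFilters:
//     filters.Add(new SessionAuthorizeAttribute());

public class AccountController : Controller
{
    [AllowAnonymous]   // exempt, so the login page cannot redirect to itself
    public ActionResult LogIn() { return View(); }
}

public class HomeController : Controller
{
    public ActionResult Index() { return View(); }   // requires Session["User"]

    [AllowAnonymous]   // public page, no login check
    public ActionResult About() { return View(); }
}
```

Because the filter is registered globally, a newly added controller is protected by default and only actions explicitly marked [AllowAnonymous] are reachable without a session user.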