我寫了ASP.NET MVC一個小的 '訪問控制' 過濾器是配置文件驅動。我可以在我的web.config中切換一個標誌,它會將所有未註冊的用戶移動到特定的頁面,除非他們專門請求登錄或註銷操作。你可以相應地調整你的實現,而不會有太多麻煩
過濾屬性
public class AccessControlAttribute : AuthorizeAttribute
{
public bool AccessControlEnabled {
get { return AccessControlSection.Settings != null; }
}
public bool LockoutEnabled {
get { return AccessControlEnabled && AccessControlSection.Settings.ForceLockout != null && AccessControlSection.Settings.ForceLockout.Enabled; }
}
public AccessControlAttribute() {
if (LockoutEnabled) {
Roles = AccessControlSection.Settings.ForceLockout.AllowRoles;
Users = AccessControlSection.Settings.ForceLockout.AllowUsers;
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
if (filterContext.IsChildAction || ApproveLockoutAction(filterContext))
return;
if (LockoutEnabled && !string.IsNullOrEmpty(AccessControlSection.Settings.ForceLockout.DefaultPage)) {
filterContext.HttpContext.Response.Redirect(AccessControlSection.Settings.ForceLockout.DefaultPage, false);
return;
}
base.HandleUnauthorizedRequest(filterContext);
}
private static bool ApproveLockoutAction(AuthorizationContext filterContext) {
var forceLockout = AccessControlSection.Settings.ForceLockout;
if (forceLockout == null || !forceLockout.Enabled)
return true;
if (string.IsNullOrEmpty(forceLockout.LogOnUrl) || string.IsNullOrEmpty(forceLockout.LogOffUrl))
return false;
if (filterContext.HttpContext.Request.AppRelativeCurrentExecutionFilePath.Equals(forceLockout.LogOnUrl, StringComparison.OrdinalIgnoreCase)
|| filterContext.HttpContext.Request.AppRelativeCurrentExecutionFilePath.Equals(forceLockout.LogOffUrl, StringComparison.OrdinalIgnoreCase)) {
return true;
}
return false;
}
}
配置處理器
public class AccessControlSection : ConfigurationSection
{
public const string SectionName = "accessControl";
public const string ForceLockoutKeyName = "forceLockout";
private static AccessControlSection _settings;
public static AccessControlSection Settings {
get {
if (_settings == null) {
object section = ConfigurationManager.GetSection(SectionName);
if (section != null)
_settings = section as AccessControlSection;
}
return _settings;
}
}
[ConfigurationProperty(ForceLockoutKeyName)]
public ForceLockoutElement ForceLockout {
get { return (ForceLockoutElement)this[ForceLockoutKeyName]; }
set { this[ForceLockoutKeyName] = value; }
}
}
public class ForceLockoutElement : ConfigurationElement
{
public const string AllowRolesKeyName = "allowRoles";
public const string AllowUsersKeyName = "allowUsers";
public const string DefaultPageKeyName = "defaultPage";
public const string EnabledKeyName = "enabled";
public const string LogOnUrlKeyName = "logOnUrl";
public const string LogOffUrlKeyName = "logOffUrl";
[ConfigurationProperty(AllowRolesKeyName, DefaultValue = "Admin")]
public string AllowRoles {
get { return (string)this[AllowRolesKeyName]; }
set { this[AllowRolesKeyName] = value; }
}
[ConfigurationProperty(AllowUsersKeyName)]
public string AllowUsers {
get { return (string)this[AllowUsersKeyName]; }
set { this[AllowUsersKeyName] = value; }
}
[ConfigurationProperty(DefaultPageKeyName, DefaultValue = "~/offline.htm")]
public string DefaultPage {
get { return (string)this[DefaultPageKeyName]; }
set { this[DefaultPageKeyName] = value; }
}
[ConfigurationProperty(LogOnUrlKeyName, DefaultValue = "~/auth/logon")]
public string LogOnUrl {
get { return (string)this[LogOnUrlKeyName]; }
set { this[LogOnUrlKeyName] = value; }
}
[ConfigurationProperty(LogOffUrlKeyName, DefaultValue = "~/auth/logoff")]
public string LogOffUrl {
get { return (string)this[LogOffUrlKeyName]; }
set { this[LogOffUrlKeyName] = value; }
}
[ConfigurationProperty(EnabledKeyName, DefaultValue = true)]
public bool Enabled {
get { return (bool)this[EnabledKeyName]; }
set { this[EnabledKeyName] = value; }
}
public string[] AllowedUsersArray {
get {
if (string.IsNullOrEmpty(AllowUsers))
return null;
return AllowUsers.Split(new[] {','}, StringSplitOptions.RemoveEmptyEntries);
}
}
public string[] AllowRolesArray {
get {
if (string.IsNullOrEmpty(AllowRoles))
return null;
return AllowRoles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
}
}
}
實施例的Web.config
<configuration>
<configSections>
<section name="accessControl" type="MyWebsite.Config.AccessControlSection, MyWebsite" />
</configSections>
<accessControl>
<forceLockout enabled="true" defaultPage="~/inviteonly.htm"
logOnUrl="~/logon"
logOffUrl="~/logoff"
allowRoles="Members" />
</accessControl>
</configuration>
通過上述配置,任何未登錄或未成爲「成員」角色的用戶都將被重定向到「〜/ inviteonly.htm」。您可以通過逗號分隔'allowRoles'和'allowUsers'屬性中的值來指定多個允許的角色和/或用戶。
AccessControlAttribute
必須註冊爲全局過濾器,或者放置在BaseController類定義中才能使所有工作正常。
@ nathan-taylor甜,看起來像一個很好的開始,謝謝!明天我會提供代碼。所以看起來我只是註冊'GlobalFilters.Filters.Add(new AccessControlAttribute());'並且可以將defaultPage設置爲View? – 2011-03-15 03:24:49
@MarcM重定向基於任意的URL,只要你有一個路由分配給該視圖,是的。 – 2011-03-15 06:30:48