
[ASP.net教程]ASP.NET MVC权限验证 封装类


 

写该权限类的主要目的

为了让权限配置更加灵活,可以根据 SQL、JSON 或者

 

使用步骤

 

1、要建一个全局过滤器

  //受权过滤器  public class AuthorizeFilter : AuthorizeAttribute  {    public override void OnAuthorization(AuthorizationContext filterContext)    {     }  }

  

2、在 Global.asax 里注册该全局过滤器:GlobalFilters.Filters.Add(new AuthorizeFilter());

  protected void Application_Start()    {      AreaRegistration.RegisterAllAreas();      GlobalConfiguration.Configure(WebApiConfig.Register);      GlobalFilters.Filters.Add(new AuthorizeFilter());      FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);      RouteConfig.RegisterRoutes(RouteTable.Routes);      BundleConfig.RegisterBundles(BundleTable.Bundles);    }

  

3、在过滤器的 OnAuthorization 中调用 SystemAuthorizeService.Start 实现权限验证

 

   (1)使用对象进行权限验证




 public override void OnAuthorization(AuthorizationContext filterContext)    {            List<SystemAuthorizeModel> smList = new List<SystemAuthorizeModel>()      {        //用户1,2,3可以访问 area为admin 所有权限        new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.Area, AreaName="admin" , UserKeyArray=new dynamic[] { 1,2,3 /*用户授权数组*/} },        //用户8,7可以访问 area为admin 控制器为:center  所有权限        new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.Controller, AreaName="admin" , ControllerName="center", UserKeyArray=new dynamic[] { 8,7 /*用户授权数组*/} },                //用户1可以访问为 area为:null 控制器为:home 操作为:about 的请求        new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.Action, ControllerName="home" , ActionName="about" , UserKeyArray=new dynamic[] { 1 } },        //给用户100和110所有页面权限        new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.All, UserKeyArray=new dynamic[] { 100,110 } }      };      SystemAuthorizeErrorRedirect sr = new SystemAuthorizeErrorRedirect();      sr.DefaultUrl = "/user/login";//没有权限都跳转到DefaultUrl      //sr.ItemList=xx 设置更详细的跳转      SystemAuthorizeService.Start(filterContext, smList, sr, () =>      {        //获取用户ID         return 1; //用户ID为1,作为DEMO写死 ,当然了可以是SESSION也可以是COOKIES等 这儿就不解释了      });    }

  

(2)将 JSON 反序列化为对象后进行验证

[
{
"SystemAuthorizeType": 1,
"AreaName": "admin",
"ControllerName": "center",
"ActionName": null,
"UserKeyArray": [
1,
2,
3
]
},
{
"SystemAuthorizeType": 1,
"AreaName": "admin",
"ControllerName": "center",
"ActionName": null,
"UserKeyArray": [
8,
7
]
},
{
"SystemAuthorizeType": 3,
"AreaName": null,
"ControllerName": "home",
"ActionName": "about",
"UserKeyArray": [
1
]
},
{
"SystemAuthorizeType": 0,
"AreaName": null,
"ControllerName": null,
"ActionName": null,
"UserKeyArray": [
100,
110
]
}
]



SystemAuthorizeService代码:

using System;using System.Collections.Generic;using System.Linq;using System.Linq.Expressions;using System.Web;using System.Web.Mvc;using System.Web.Routing;namespace Idea.Models.Filters{  /// <summary>  /// 系统授权服务  /// 作者:sunkaixuan  /// 时间:2015-10-25  /// </summary>  public class SystemAuthorizeService  {    /// <summary>    /// 启动系统授权    /// </summary>    /// <param name="filterContext"></param>    /// <param name="SystemAuthorizeList">所有验证项</param>    /// <param name="errorRediect">没有权限跳转地址</param>    /// <param name="GetCurrentUserId">获取当前用户ID</param>    public static void Start(AuthorizationContext filterContext, List<SystemAuthorizeModel> systemAuthorizeList, SystemAuthorizeErrorRedirect errorRediect, Func<object> GetCurrentUserKey)    {      if (errorRediect == null)      {        throw new ArgumentNullException("SystemAuthorizeService.Start.errorRediect");      }      if (systemAuthorizeList == null)      {        throw new ArgumentNullException("SystemAuthorizeService.Start.systemAuthorizeList");      }      //全部小写      foreach (var it in systemAuthorizeList)      {        it.ControllerName = it.ControllerName.ToLower();        it.ActionName = it.ActionName.ToLower();        it.AreaName = it.AreaName.ToLower();      }      //声名变量      var context = filterContext.HttpContext;      var request = context.Request;      var response = context.Response;      string actionName = filterContext.ActionDescriptor.ActionName.ToLower();      string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower();      string areaName = null;      bool isArea = filterContext.RouteData.DataTokens["area"] != null;      //变量赋值      if (isArea)        areaName = filterContext.RouteData.DataTokens["area"].ToString().ToLower();      //函数方法      #region 函数方法      Action<string, string, string> Redirect = (action, controller, area) =>      {        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = 
controller, action = action, area = area }));      };      Action<string> RedirectUrl = url =>      {        filterContext.Result = new RedirectResult(url);      };      #endregion      Func<SystemAuthorizeErrorRedirectItemList, bool> redirectActionExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName && it.Controller == controllerName && it.Action == actionName;      Func<SystemAuthorizeErrorRedirectItemList, bool> redirectControllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName && it.Controller == controllerName;      Func<SystemAuthorizeErrorRedirectItemList, bool> redirectAreaExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName;      Func<SystemAuthorizeModel, bool> actionExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.AreaName == areaName && it.ControllerName == controllerName && it.ActionName == actionName;      Func<SystemAuthorizeModel, bool> controllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.AreaName == areaName && it.ControllerName == controllerName;      Func<SystemAuthorizeModel, bool> areaExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Area && it.AreaName == areaName;      dynamic userId = GetCurrentUserKey();      //所有权限      bool isAllByUuserKey = IsAllByUserKey(systemAuthorizeList, userId);      bool isAreaByUserKey = IsAreaByUserKey(systemAuthorizeList, areaName, userId);      bool isControllerByUserKey = IsControllerByUserKey(systemAuthorizeList, areaName, controllerName, userId);      bool isActionByUserKey = IsActionByUserKey(systemAuthorizeList, areaName, controllerName, actionName, userId);      //有权限      var hasPower = (isAllByUuserKey || isActionByUserKey || isControllerByUserKey || isAreaByUserKey);      //需要验证      var mustValidate = systemAuthorizeList.Any(actionExpression) || systemAuthorizeList.Any(controllerExpression) 
|| systemAuthorizeList.Any(areaExpression);      if (!hasPower && mustValidate)      {        ErrorRediect(errorRediect, RedirectUrl, redirectActionExpression, redirectControllerExpression, redirectAreaExpression);      }    }    private static void ErrorRediect(SystemAuthorizeErrorRedirect errorRediect, Action<string> RedirectUrl, Func<SystemAuthorizeErrorRedirectItemList, bool> actionExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> controllerExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> areaExpression)    {      if (errorRediect.ItemList == null)      {//返回默认错误地址        RedirectUrl(errorRediect.DefaultUrl);      }      else if (errorRediect.ItemList.Any(actionExpression))      {        var red = errorRediect.ItemList.Single(actionExpression);        RedirectUrl(red.ErrorUrl);      }      else if (errorRediect.ItemList.Any(controllerExpression))      {        var red = errorRediect.ItemList.Single(controllerExpression);        RedirectUrl(red.ErrorUrl);      }      else if (errorRediect.ItemList.Any(areaExpression))      {        var red = errorRediect.ItemList.Single(areaExpression);        RedirectUrl(red.ErrorUrl);      }      else if (errorRediect.ItemList.Any(it => it.SystemAuthorizeType == SystemAuthorizeType.All))      {        var red = errorRediect.ItemList.Single(it => it.SystemAuthorizeType == SystemAuthorizeType.All);        RedirectUrl(red.ErrorUrl);      }      else      {        RedirectUrl(errorRediect.DefaultUrl);      }    }    private static bool IsAllByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, object userKey)    {      var hasAll = systemAuthorizeList.Any(it => it.SystemAuthorizeType == SystemAuthorizeType.All);      if (hasAll)      {        if (systemAuthorizeList.Any(it => it.UserKeyArray != null && it.UserKeyArray.Contains(userKey)))        {          return true;        }      }      return false;    }    private static bool IsAreaByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string 
area, object userKey)    {      if (systemAuthorizeList.Any(it => it.AreaName == area && it.SystemAuthorizeType == SystemAuthorizeType.Area)) //是否存在验证级别为Area的验证      {        var isContains = systemAuthorizeList.Any(it => it.AreaName == area && it.SystemAuthorizeType == SystemAuthorizeType.Area && it.UserKeyArray.Contains(userKey));        return isContains;      }      return false;    }    private static bool IsControllerByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, object userKey)    {      if (systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.SystemAuthorizeType == SystemAuthorizeType.Controller)) //是否存在验证级别为Controller的验证      {        var isContains = systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.UserKeyArray.Contains(userKey));        return isContains;      }      return false;    }    private static bool IsActionByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, string action, dynamic userKey)    {      if (systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.ActionName == action && it.SystemAuthorizeType == SystemAuthorizeType.Action)) //是否存在验证级别为action的验证      {        return systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.ActionName == action && it.SystemAuthorizeType == SystemAuthorizeType.Action && it.UserKeyArray.ToString().Contains(userKey.ToString()));      }      return false;    }  }  /// <summary>  /// 用户访问需要授权的项  /// </summary>  public class SystemAuthorizeModel  {    /// <summary>    /// 验证类型    /// </summary>    public SystemAuthorizeType SystemAuthorizeType { get; set; }    /// <summary>    /// 用户拥有权限访问的Area    /// </summary>    public string AreaName { get; set; }    /// <summary>    /// 用户拥有权限访问的Controller    /// </summary>    public 
string ControllerName { get; set; }    /// <summary>    /// 用户拥有权限访问的Actioin    /// </summary>    public string ActionName { get; set; }    /// <summary>    /// 用户ID    /// </summary>    public dynamic[] UserKeyArray { get; set; }  }  /// <summary>  /// 如果没有权限返回地址  /// </summary>  public class SystemAuthorizeErrorRedirect  {    /// <summary>    /// 默认值    /// </summary>    public string DefaultUrl { get; set; }    public List<SystemAuthorizeErrorRedirectItemList> ItemList { get; set; }  }  public class SystemAuthorizeErrorRedirectItemList  {    /// <summary>    /// 验证类型    /// </summary>    public SystemAuthorizeType SystemAuthorizeType { get; set; }    public string Controller { get; set; }    public string Action { get; set; }    public string Area { get; set; }    public string ErrorUrl { get; set; }  }  /// <summary>  /// 验证类型  /// </summary>  public enum SystemAuthorizeType  {    /// <summary>    /// 所有权限    /// </summary>    All = 0,    /// <summary>    ///验证Area    /// </summary>    Area = 1,    /// <summary>    /// 验证Area和Controller    /// </summary>    Controller = 2,    /// <summary>    /// 验证Area和Controller和Action    /// </summary>    Action = 3,    /// <summary>    /// 没有权限    /// </summary>    No = 4  }}