MVC form 验证

Web.config配置

<authentication mode="Forms">

  <!--没有权限,就跳到loginUrl,有权限登陆后-->

  <forms name=".ASPXAUTH" loginUrl="~/Home/Login" timeout="30" />

</authentication>

 

FilterConfig 添加全局过滤器

filters.Add(new Fileters.ActionAttribute());

 

Controller

[HttpGet]

[SkipAuthorizeAttribute]

public ActionResult Login()

{

  return View();

}

 

[HttpPost]

[SkipAuthorizeAttribute]

public ActionResult Login(Models.UserInfo model)

{

  Models.UserInfo mo = (from a in db.UserInfoes where a.uLoginName == model.uLoginName && a.uPwd == model.uPwd select a).FirstOrDefault();

  if (null != mo)

  {

  Session["login"] = mo;

  return RedirectToAction("Seccess");

  }

  return RedirectToAction("Login");

}

 

Fileters

每个action前的过滤器:

public class ActionAttribute : ActionFilterAttribute

{

  public override void OnActionExecuting(ActionExecutingContext filterContext)

  {

    if (filterContext.ActionDescriptor.IsDefined(typeof(SkipAuthorizeAttribute), false))

    {

    return;

    }

 

    HttpSessionStateBase session = filterContext.RequestContext.HttpContext.Session;

    if (null == session["login"])

    {

      filterContext.Result = new RedirectResult(FormsAuthentication.LoginUrl);

    }

    base.OnActionExecuting(filterContext);

  }

}

 

跳过过滤器的特性:

public class SkipAuthorizeAttribute : FilterAttribute

{

}

 

 

posted @ 2013-04-13 19:52  L-wei  阅读(243)  评论(0)    收藏  举报