MVC简单用户登录授权认证
1.控制器上面用 [Authorize] 属性标识,表示当前控制器内的所有函数需要用户认证才能访问
2.函数上面用 [AllowAnonymous] 属性标识,表示当前函数不需要用户认证可以直接访问
3.函数上面使用 [NonAction] 属性标识,表示此方法不作为控制器函数
代码:
1.HomeController
namespace TestMVC.Controllers { [Authorize] public class HomeController : Controller { // GET: Home public ActionResult Index() { return View(); } [AllowAnonymous] public ActionResult Login() { return View(); } [AllowAnonymous] [HttpPost] public ActionResult DoLogin(UserDetail user) { if (IsValidUser(user)) { //注册账户 FormsAuthentication.SetAuthCookie(user.UserName, false); return RedirectToAction("Index", "Home"); } else { //错误消息提示 ModelState.AddModelError("ErrorMessage", "用户名或密码错误!"); return View("Login"); } } [NonAction] public bool IsValidUser(UserDetail user) { if (user.UserName == "admin" && user.Password == "admin") return true; else return false; } } }
2.Home/Index.cshtml
@{ Layout = null; } <!DOCTYPE html> <html> <head> <meta name="viewport" content="width=device-width" /> <title>Index</title> </head> <body> <div> <h1>首页</h1> </div> </body> </html>
3.Home/Login.cshtml
@model TestMVC.Models.UserDetail @{ Layout = null; } <!DOCTYPE html> <html> <head> <meta name="viewport" content="width=device-width" /> <title>Login</title> </head> <body> <div> @Html.ValidationMessage("ErrorMessage", new { style = "color:red;" }) @using(Html.BeginForm("DoLogin","Home",FormMethod.Post)){ @Html.LabelFor(u=>u.UserName) @Html.TextBoxFor(u=>u.UserName) <br /> @Html.LabelFor(u => u.Password) @Html.TextBoxFor(u => u.Password) <br /> <input type="submit" value="登录" /> } </div> </body> </html>
4.Web.config配置,当验证登录没有通过时跳转的Home/Login页面
