MVC中使用AuthorizeAttribute注意事项
代码调用顺序为:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest
只有当AuthorizeCore返回false时,才会走HandleUnauthorizedRequest方法;基类默认实现会把filterContext.Result设为HttpUnauthorizedResult(注:StatusCode=401),该401响应随后由ASP.NET的FormsAuthenticationModule截获并重定向到Web.config中的
<authentication mode="Forms">
<forms loginUrl="~/"
timeout="2880" />
</authentication>
所以,AuthorizeCore==false 时,会跳转到 web.config 中定义的 loginUrl="~/"。注意:如果重写了HandleUnauthorizedRequest,每一个分支都必须给filterContext.Result赋值——直接return而不赋值时,MVC会认为授权通过并继续执行Action(即"失败即放行")。
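/// <summary>
/// Authorization filter that gates admin-only actions on <c>CheckLogin.AdminLoginCheck()</c>.
/// MVC call order: OnAuthorization -> AuthorizeCore -> HandleUnauthorizedRequest (the last one
/// only runs when AuthorizeCore returns false).
/// </summary>
public class CheckLoginAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Authorization decision: allow only when <c>CheckLogin.AdminLoginCheck()</c> succeeds.
    /// </summary>
    /// <param name="httpContext">Context of the current request.</param>
    /// <returns>true to run the action; false to route into HandleUnauthorizedRequest.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Deliberately no Response.StatusCode side effect here. The original wrote 401 at this
        // point; FormsAuthenticationModule then rewrote the response into a redirect to loginUrl
        // at EndRequest, discarding the JSON body the AJAX branch below tries to return.
        // AuthorizeCore is also reused by the output-cache validation callback, where touching
        // the response is wrong. The denial response is built entirely in HandleUnauthorizedRequest.
        return CheckLogin.AdminLoginCheck();
    }

    /// <summary>
    /// Builds the denial response for a request that failed AuthorizeCore.
    /// Every path assigns <c>filterContext.Result</c>: an override that returns without setting
    /// Result makes MVC proceed to the protected action (fail-open). The earlier
    /// <c>App.AppService.IsLogon</c> early-return was removed for exactly that reason — it
    /// disagreed with AdminLoginCheck() and let already-denied requests through.
    /// </summary>
    /// <param name="filterContext">Authorization context; a non-null Result short-circuits the action.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // AJAX callers get a 200 JSON envelope they can inspect client-side. Leaving the
            // status at 200 keeps FormsAuthenticationModule from replacing it with a login redirect.
            filterContext.Result = new JsonResult
            {
                Data = new { IsSuccess = false, Message = "不好意思,登录超时,请重新登录再操作!" },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
            return;
        }

        // Browser navigation: redirect to the site root, which matches loginUrl="~/" in the
        // accompanying web.config, instead of relying on the 401 -> FormsAuthentication detour.
        filterContext.Result = new RedirectResult("/");
    }
}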
