ASP.NET MVC权限验证 封装类

 

写该权限类主要目地

为了让权限配置更加的灵活,可以根据SQL、json、或者XML的方式来动态进行页面的访问控制,以及没有权限的相关跳转。

 

使用步骤

 

1、要建一个全局过滤器

   //受权过滤器
    public class AuthorizeFilter : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        { 
        }
   }

  

2、Gobal里注册 GlobalFilters.Filters.Add(new AuthorizeFilter());该过该全局过滤器

    protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            GlobalFilters.Filters.Add(new AuthorizeFilter());
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
        }

  

3、在过滤器中调用 SystemAuthorizeService.Start实现

 

   (1)使用对象进行权限验证




 public override void OnAuthorization(AuthorizationContext filterContext)
        {
           
            List<SystemAuthorizeModel> smList = new List<SystemAuthorizeModel>()
            {
                //用户1,2,3可以访问 area为admin  所有权限
                new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.Area, AreaName="admin" , UserKeyArray=new dynamic[] { 1,2,3 /*用户授权数组*/} },


                //用户8,7可以访问 area为admin  控制器为:center   所有权限
                new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.Controller, AreaName="admin" , ControllerName="center", UserKeyArray=new dynamic[] { 8,7 /*用户授权数组*/} },

                
                //用户1可以访问为 area为:null 控制器为:home  操作为:about 的请求
                new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.Action,  ControllerName="home" , ActionName="about" , UserKeyArray=new dynamic[] { 1 } },


                //给用户100和110所有页面权限
                new SystemAuthorizeModel() { SystemAuthorizeType= SystemAuthorizeType.All, UserKeyArray=new dynamic[] { 100,110 } }

            };


            SystemAuthorizeErrorRedirect sr = new SystemAuthorizeErrorRedirect();
            sr.DefaultUrl = "/user/login";//没有权限都跳转到DefaultUrl
           //sr.ItemList=xx 设置更详细的跳转


            SystemAuthorizeService.Start(filterContext, smList, sr, () =>
            {

                //获取用户ID 
                return 1; //用户ID为1,作为DEMO写死 ,当然了可以是SESSION也可以是COOKIES等 这儿就不解释了
            });
        }

  


(2)使用JSON转成对象进行验证

[
{
"SystemAuthorizeType": 1,
"AreaName": "admin",
"ControllerName": "center",
"ActionName": null,
"UserKeyArray": [
1,
2,
3
]
},
{
"SystemAuthorizeType": 1,
"AreaName": "admin",
"ControllerName": "center",
"ActionName": null,
"UserKeyArray": [
8,
7
]
},
{
"SystemAuthorizeType": 3,
"AreaName": null,
"ControllerName": "home",
"ActionName": "about",
"UserKeyArray": [
1
]
},
{
"SystemAuthorizeType": 0,
"AreaName": null,
"ControllerName": null,
"ActionName": null,
"UserKeyArray": [
100,
110
]
}
]



SystemAuthorizeService代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Expressions;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

namespace Idea.Models.Filters
{
    /// <summary>
    /// 系统授权服务
    /// 作者:sunkaixuan
    /// 时间:2015-10-25
    /// </summary>
    public class SystemAuthorizeService
    {
        /// <summary>
        /// 启动系统授权
        /// </summary>
        /// <param name="filterContext"></param>
        /// <param name="SystemAuthorizeList">所有验证项</param>
        /// <param name="errorRediect">没有权限跳转地址</param>
        /// <param name="GetCurrentUserId">获取当前用户ID</param>
        public static void Start(AuthorizationContext filterContext, List<SystemAuthorizeModel> systemAuthorizeList, SystemAuthorizeErrorRedirect errorRediect, Func<object> GetCurrentUserKey)
        {


            if (errorRediect == null)
            {
                throw new ArgumentNullException("SystemAuthorizeService.Start.errorRediect");
            }
            if (systemAuthorizeList == null)
            {
                throw new ArgumentNullException("SystemAuthorizeService.Start.systemAuthorizeList");
            }

            //全部小写
            foreach (var it in systemAuthorizeList)
            {
                it.ControllerName = it.ControllerName.ToLower();
                it.ActionName = it.ActionName.ToLower();
                it.AreaName = it.AreaName.ToLower();
            }


            //声名变量
            var context = filterContext.HttpContext;
            var request = context.Request;
            var response = context.Response;
            string actionName = filterContext.ActionDescriptor.ActionName.ToLower();
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower();
            string areaName = null;
            bool isArea = filterContext.RouteData.DataTokens["area"] != null;


            //变量赋值
            if (isArea)
                areaName = filterContext.RouteData.DataTokens["area"].ToString().ToLower();


            //函数方法
            #region 函数方法
            Action<string, string, string> Redirect = (action, controller, area) =>
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = controller, action = action, area = area }));
            };
            Action<string> RedirectUrl = url =>
            {
                filterContext.Result = new RedirectResult(url);
            };
            #endregion


            Func<SystemAuthorizeErrorRedirectItemList, bool> redirectActionExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName && it.Controller == controllerName && it.Action == actionName;
            Func<SystemAuthorizeErrorRedirectItemList, bool> redirectControllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName && it.Controller == controllerName;
            Func<SystemAuthorizeErrorRedirectItemList, bool> redirectAreaExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName;


            Func<SystemAuthorizeModel, bool> actionExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.AreaName == areaName && it.ControllerName == controllerName && it.ActionName == actionName;
            Func<SystemAuthorizeModel, bool> controllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.AreaName == areaName && it.ControllerName == controllerName;
            Func<SystemAuthorizeModel, bool> areaExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Area && it.AreaName == areaName;

            dynamic userId = GetCurrentUserKey();

            //所有权限
            bool isAllByUuserKey = IsAllByUserKey(systemAuthorizeList, userId);
            bool isAreaByUserKey = IsAreaByUserKey(systemAuthorizeList, areaName, userId);
            bool isControllerByUserKey = IsControllerByUserKey(systemAuthorizeList, areaName, controllerName, userId);
            bool isActionByUserKey = IsActionByUserKey(systemAuthorizeList, areaName, controllerName, actionName, userId);
            //有权限
            var hasPower = (isAllByUuserKey || isActionByUserKey || isControllerByUserKey || isAreaByUserKey);
            //需要验证
            var mustValidate = systemAuthorizeList.Any(actionExpression) || systemAuthorizeList.Any(controllerExpression) || systemAuthorizeList.Any(areaExpression);

            if (!hasPower && mustValidate)
            {
                ErrorRediect(errorRediect, RedirectUrl, redirectActionExpression, redirectControllerExpression, redirectAreaExpression);
            }

        }

        private static void ErrorRediect(SystemAuthorizeErrorRedirect errorRediect, Action<string> RedirectUrl, Func<SystemAuthorizeErrorRedirectItemList, bool> actionExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> controllerExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> areaExpression)
        {
            if (errorRediect.ItemList == null)
            {//返回默认错误地址
                RedirectUrl(errorRediect.DefaultUrl);
            }
            else if (errorRediect.ItemList.Any(actionExpression))
            {
                var red = errorRediect.ItemList.Single(actionExpression);
                RedirectUrl(red.ErrorUrl);
            }
            else if (errorRediect.ItemList.Any(controllerExpression))
            {
                var red = errorRediect.ItemList.Single(controllerExpression);
                RedirectUrl(red.ErrorUrl);
            }
            else if (errorRediect.ItemList.Any(areaExpression))
            {
                var red = errorRediect.ItemList.Single(areaExpression);
                RedirectUrl(red.ErrorUrl);
            }
            else if (errorRediect.ItemList.Any(it => it.SystemAuthorizeType == SystemAuthorizeType.All))
            {
                var red = errorRediect.ItemList.Single(it => it.SystemAuthorizeType == SystemAuthorizeType.All);
                RedirectUrl(red.ErrorUrl);
            }
            else
            {
                RedirectUrl(errorRediect.DefaultUrl);
            }
        }

        private static bool IsAllByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, object userKey)
        {
            var hasAll = systemAuthorizeList.Any(it => it.SystemAuthorizeType == SystemAuthorizeType.All);
            if (hasAll)
            {
                if (systemAuthorizeList.Any(it => it.UserKeyArray != null && it.UserKeyArray.Contains(userKey)))
                {
                    return true;
                }
            }

            return false;
        }
        private static bool IsAreaByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, object userKey)
        {

            if (systemAuthorizeList.Any(it => it.AreaName == area && it.SystemAuthorizeType == SystemAuthorizeType.Area)) //是否存在验证级别为Area的验证
            {
                var isContains = systemAuthorizeList.Any(it => it.AreaName == area && it.SystemAuthorizeType == SystemAuthorizeType.Area && it.UserKeyArray.Contains(userKey));
                return isContains;
            }
            return false;
        }


        private static bool IsControllerByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, object userKey)
        {
            if (systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.SystemAuthorizeType == SystemAuthorizeType.Controller)) //是否存在验证级别为Controller的验证
            {
                var isContains = systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.UserKeyArray.Contains(userKey));
                return isContains;
            }
            return false;
        }




        private static bool IsActionByUserKey(List<SystemAuthorizeModel> systemAuthorizeList, string area, string controller, string action, dynamic userKey)
        {

            if (systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.ActionName == action && it.SystemAuthorizeType == SystemAuthorizeType.Action)) //是否存在验证级别为action的验证
            {
                return systemAuthorizeList.Any(it => it.AreaName == area && it.ControllerName == controller && it.ActionName == action && it.SystemAuthorizeType == SystemAuthorizeType.Action && it.UserKeyArray.ToString().Contains(userKey.ToString()));
            }

            return false;
        }
    }






    /// <summary>
    /// 用户访问需要授权的项
    /// </summary>
    public class SystemAuthorizeModel
    {
        /// <summary>
        /// 验证类型
        /// </summary>
        public SystemAuthorizeType SystemAuthorizeType { get; set; }
        /// <summary>
        /// 用户拥有权限访问的Area
        /// </summary>
        public string AreaName { get; set; }
        /// <summary>
        /// 用户拥有权限访问的Controller
        /// </summary>
        public string ControllerName { get; set; }
        /// <summary>
        /// 用户拥有权限访问的Actioin
        /// </summary>
        public string ActionName { get; set; }
        /// <summary>
        /// 用户ID
        /// </summary>
        public dynamic[] UserKeyArray { get; set; }

    }

    /// <summary>
    /// 如果没有权限返回地址
    /// </summary>
    public class SystemAuthorizeErrorRedirect
    {
        /// <summary>
        /// 默认值
        /// </summary>
        public string DefaultUrl { get; set; }

        public List<SystemAuthorizeErrorRedirectItemList> ItemList { get; set; }
    }

    public class SystemAuthorizeErrorRedirectItemList
    {
        /// <summary>
        /// 验证类型
        /// </summary>
        public SystemAuthorizeType SystemAuthorizeType { get; set; }
        public string Controller { get; set; }
        public string Action { get; set; }
        public string Area { get; set; }

        public string ErrorUrl { get; set; }

    }

    /// <summary>
    /// 验证类型
    /// </summary>
    public enum SystemAuthorizeType
    {
        /// <summary>
        /// 所有权限
        /// </summary>
        All = 0,
        /// <summary>
        ///验证Area
        /// </summary>
        Area = 1,
        /// <summary>
        /// 验证Area和Controller
        /// </summary>
        Controller = 2,
        /// <summary>
        /// 验证Area和Controller和Action
        /// </summary>
        Action = 3,
        /// <summary>
        /// 没有权限
        /// </summary>
        No = 4

    }
}

  

posted @ 2015-10-25 14:57  阿妮亚  阅读(2367)  评论(4编辑  收藏  举报