允许用户访问[授权]页面 - MVC [英] Allow user to visit [Authorize] pages - MVC
问题描述
我的项目中有 [Authorize] 的页面,用户必须登录才能访问这些页面。
My project got pages with [Authorize] where user have to log in to visit those pages.
使用与数据库中相同的用户名和密码登录成功后,当前用户ID将被存储在会话中。但是如何验证/允许用户使用[授权]访问页面?
Upon successful login with same userid and password as in database, the current users id get stored in session. But how do I do I authenticate/allow user to visit pages with [Authorize]?
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(User u)
{
if (ModelState.IsValid) //this is check validity
{
using (UserEntities db = new UserEntities())
{
var v = db.Users.Where(a=>a.UserName.Equals(u.UserName) && a.Password.Equals(u.Password)).FirstOrDefault();
if (v != null)
{
Session["LoggedUserID"] = u.Id.ToString();
Session["UserFullname"] = u.Name.ToString();
return RedirectToAction("AfterLogin");
}
}
}
return View(u);
}
任何帮助都非常欣赏。谢谢。
Any help is much appreciate. Thanks.
推荐答案
如果您绝对想自己管理登录和安全使用会话,您可以创建自己的动作过滤器,会话中设置了一个用户ID。
If you absolutely want to manage login and security yourself using Session, You can create your own action filter which checks whether session has a user id set to it.
这样的一个
public class AuthorizeWithSession : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext context)
{
if (context.HttpContext.Session == null ||
context.HttpContext.Session["LoggedUserID"]==null)
{
context.Result =
new RedirectToRouteResult(new RouteValueDictionary(
new {controller = "Account", action = "Login"}));
}
base.OnActionExecuting(context);
}
}
现在在您的安全操作/控制器上装饰此操作过滤器
Now decorate this action filter on your secure actions/controllers
[AuthorizeWithSession]
public class TeamController : Controller
{
}
这篇关于允许用户访问[授权]页面 - MVC的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
