xiaolizi007
11/25/2016 - 7:30 AM

AuthorizeAttribute过滤器

AuthorizeAttribute过滤器 #asp.net


//AuthorizeAttribute的OnAuthorization方法内部调用了AuthorizeCore方法
//这个方法是实现验证和授权逻辑的地方,如果这个方法返回true,
//表示授权成功,如果返回false, 表示授权失败
//会给上下文设置一个HttpUnauthorizedResult,这个ActionResult执行的结果是向浏览器返回

public class CheckLoginAttribute : AuthorizeAttribute 
{ 
    protected override bool AuthorizeCore(HttpContextBase httpContext) 
    {
         bool Pass = false; 
         if (!CheckLogin.AdminLoginCheck()) 
         {
              httpContext.Response.StatusCode = 401;//无权限状态码 
              Pass = false; 
         } 
         else 
         { 
             Pass = true; 
         } 
         return Pass; 
    } 
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) 
    { 
        base.HandleUnauthorizedRequest(filterContext); 
        if (filterContext.HttpContext.Response.StatusCode == 401)
         { 
             filterContext.Result = new RedirectResult("/"); 
        } 
    } 
    
}