原文链接: https://blog.csdn.net/Fanbin168/article/details/112431155
以前我们做登陆判断是一般情况是通过实现IAuthorizationFilter 这个过滤器来做的
public class CustomAuthorizationFilterAttribute : Attribute, IAuthorizationFilter
{public void OnAuthorization(AuthorizationFilterContext context){//如果方法上面标记了AllowAnonymous特性,则跳过登录校验-以及权限检查if (context.ActionDescriptor.EndpointMetadata.Any(item => item is AllowAnonymousAttribute)){return;}string userCookie = context.HttpContext.Request.Cookies["CurrentUser"]; //获取Cookieif (userCookie == null){context.Result = new RedirectResult("/Home/Login"); //没有Cookie则跳转到登陆页面}else{return;}}
}
控制器
namespace AuthWeb.Controllers
{//[CustomAuthorizationFilter] //可以将自定义的过滤器写打到类上,或者将这个过滤器在Startup->Configuration方法类做全局注册public class HomeController : Controller{private readonly ILogger<HomeController> _logger;public HomeController(ILogger<HomeController> logger){_logger = logger;}public IActionResult Index(){return View();}[AllowAnonymous]public IActionResult LogIn(string name,string password){if ("Admin".Equals(name, StringComparison.CurrentCultureIgnoreCase) && password.Equals("123456"))//用户名忽略大小写比对{base.HttpContext.Response.Cookies.Append("CurrentUser", "Admin", new Microsoft.AspNetCore.Http.CookieOptions{Expires = DateTime.UtcNow.AddMinutes(1)//Cookie 30分钟过期});return new JsonResult(new { Result = true, Message = "登录成功" });}else{return new JsonResult(new { Result = false, Message = "登录失败" });}}}
}
全局注册CustomAuthorizationFilterAttribute过滤器
public class Startup
{public Startup(IConfiguration configuration){Configuration = configuration;}public IConfiguration Configuration { get; }public void ConfigureServices(IServiceCollection services){services.AddControllersWithViews(options=> {options.Filters.Add(typeof(CustomAuthorizationFilterAttribute));//全局权限检查过滤器});}
}