MVC过滤器进行统一登录验证

浏览数：46 / 时间：2015年06月09日

统一登录验证：

1、定义实体类Person：利用特性标签验证输入合法性设计登录页面

public class Person
{
    [DisplayName("用户名"), Required(ErrorMessage = "账户非空！")]
    public string LoginName { get; set; }
    [DisplayName("密 码"), Required(ErrorMessage = "密码非空！")]
    public string Password { get; set; }
    [DisplayName("验证码"), Required(ErrorMessage = "验证码非空！")]
    public string Vcode { get; set; }
}

2、设计验证码

public class VcodeController : Controller
{
    //
    // GET: /Vcode/
 
    public ActionResult Vcode()
    {
        byte[] buffer;
        string str = GetRdStr(5);
        //将生成随机字符串存入session中
        Session["vcode"] = str;
        using(Image img=new Bitmap(80,30))
        {
            using(Graphics g=Graphics.FromImage(img))
            {
                //清除背景色
                g.Clear(Color.White);
                g.DrawRectangle(Pens.Black, 0, 0, img.Width - 1, img.Height - 1);
                DrawLines(50, img, g);
                g.DrawString(str, new Font("微软雅黑", 16), Brushes.Black, 0, 0);
                DrawLines(35, img, g);
            }
            using(System.IO.MemoryStream ms=new System.IO.MemoryStream())
            {
                img.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg);
                buffer=ms.ToArray();
            }
        }
        return File(buffer,"image/jpeg");
    }
    /// <summary>
    /// 定义随机对象
    /// </summary>
    Random rd = new Random();
 
    /// <summary>
    /// 生产指定长度随机字符串
    /// </summary>
    /// <returns>随机字符串</returns>
    string GetRdStr(int count)
    {
        string str = "abcdefghijkmnpqrstuvwxyzABCDEFGHIJKMNPQRSTUVWXYZ23456789";
        System.Text.StringBuilder sb = new System.Text.StringBuilder();
        for(int i=0;i<count;i++)
        {
            sb.Append(str[rd.Next(str.Length)]);
        }
        return sb.ToString();
    }
    /// <summary>
    /// 绘制指定数量干扰线
    /// </summary>
    /// <param name="count">数量</param>
    /// <param name="img">图片对象</param>
    /// <param name="g">画家对象</param>
    void DrawLines(int count,Image img,Graphics g)
    {
        for(int i=0;i<count;i++)
        {
            Point p1 = new Point(rd.Next(img.Width - 1), rd.Next(img.Height - 1));
            Point p2 = new Point(p1.X + rd.Next(-1, 2), p1.X + rd.Next(-1, 2));
            g.DrawLine(Pens.AliceBlue, p1, p2);
        }
    }
}

3、设计登录页面，并写入登录逻辑

前台页面

@{
    ViewBag.Title = "Login";
}
@using 统一登录2.Models
@model Person
 
<script src="~/Scripts/jquery.validate.js"></script>
<script src="~/Scripts/jquery.validate.unobtrusive.js"></script>
@using (@Html.BeginForm("Login", "Login", FormMethod.Post))
{
    <table>
        <tr>
            <th>@Html.DisplayNameFor(p => p.LoginName)</th>
            <td>
                @Html.TextBoxFor(p => p.LoginName)
                @Html.ValidationMessageFor(p => p.LoginName)
            </td>
        </tr>
        <tr>
            <th>@Html.DisplayNameFor(p => p.Password)</th>
            <td>
                @Html.PasswordFor(p => p.Password)
                @Html.ValidationMessageFor(p => p.Password)
            </td>
        </tr>
        <tr>
            <th>@Html.DisplayNameFor(p => p.Vcode)</th>
            <td>
                @Html.TextBoxFor(p => p.Vcode)
                <img src="@Url.Action("Vcode", "Vcode")" />
                @Html.ValidationMessageFor(p => p.Vcode)
            </td>
        </tr>
        <tr>
            <th></th>
            <td>
                <input type="submit" value="登录" />
            </td>
        </tr>
    </table>
}
<script type="text/javascript">
 
</script>

后台逻辑

public class LoginController : Controller
{
    //
    // GET: /Login/
    [HttpGet]
    public ActionResult Login()
    {
        return View();
    }
    [HttpPost]
    public ActionResult Login(Person model)
    {
        //判断实体验证是否成功
        if (ModelState.IsValid == false)
        {
            ModelState.AddModelError("", "实体验证失败！");
            return View();
        }
        //判断验证码验证是否成功
        if(Session["vcode"]!=null&&Session["vcode"].ToString().Equals(model.Vcode,StringComparison.OrdinalIgnoreCase))
        {
            ModelState.AddModelError("", "验证码输入不正确！");
            return View();
        }
        //判断账户密码验证是否成功
        if(model.LoginName!="admin"||model.Password!="123")
        {
            ModelState.AddModelError("", "用户名或密码错误！");
            return View();
        }
        //登录成功，登录信息存入Session
        Session["uInfo"] = model;
        //跳转到主页面
        return RedirectToAction("Index", "Home");
    }
 
}

4、在过滤器中写入统一验证逻辑--注：这里用标签来判断是否需要进行登录验证，标签类实在第五步定义

public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    //判断是否需要登录验证
    if(filterContext.ActionDescriptor.IsDefined(typeof(IgnoreLoginAttribute),false))
    {
        return;
    }
    if (filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(IgnoreLoginAttribute), false))
    {
        return;
    }
    //根据Session进行登录验证
    if(filterContext.HttpContext.Session["uInfo"]==null)
    {
        //1.Ajax请求
        if(filterContext.HttpContext.Request.IsAjaxRequest())
        {
            JsonResult jsonView = new JsonResult();
            jsonView.ContentType = "application/json";
            jsonView.Data = new {status=2,msg="未登录" };
            jsonView.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
            filterContext.Result = jsonView;
        }
        //2.一般请求
        else
        {
            ContentResult contentView = new ContentResult();
            contentView.Content = "<script>window.alert(‘您还没有登录！请重新登录...‘);window.location=‘/Login/Login‘</script>";
            filterContext.Result = contentView;
        }
    }
}

5、定义自定义特性标签，不需要登录验证统一贴上特性标签

/// <summary>
/// 是否忽略登录验证特性标签
/// </summary>
[AttributeUsage(AttributeTargets.Class|AttributeTargets.Method,AllowMultiple=false)]
public class IgnoreLoginAttribute:Attribute
{
}