asp.net MVC 通用登录验证模块

用法:

还是希望读者把源码看懂,即可运用自如。重点是,为什么有个UserType!!!

登录用户信息:

namespace MVCCommonAuth
{
    [Serializable]
    public class LoginUser
    {
        private const string DESKEY = "12345678";
        public int ID { get; set; }

        public string UserName { get; set; }
        public string Roles { get; set; }

        public DateTime Expires { get; set; }

        public readonly static string CookieNamePrefix = "authcookie";

        public void Login(string userType, string domain = null, string path = null)
        {
            var keyName = CookieNamePrefix + userType;
            var json = JsonConvert.SerializeObject(this);
            var value = EncryptString(json, DESKEY);

            HttpCookie cookie = new HttpCookie(keyName, value);
            cookie.Expires = Expires;
            if (!string.IsNullOrWhiteSpace(domain))
            {
                cookie.Domain = domain;
            }
            if (path != null)
            {
                cookie.Path = path;
            }
            HttpContext.Current.Items[keyName] = this;
            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        /// <summary>
        /// 从cookie读取用户信息
        /// </summary>
        /// <param name="cookieName"></param>
        private static LoginUser BuildUser(string keyName)
        {
            var cookie = HttpContext.Current.Request.Cookies[keyName];
            if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
            {
                try
                {
                    var json = DecryptString(cookie.Value, DESKEY);
                    var loginuser = JsonConvert.DeserializeObject<LoginUser>(json);
                    if (loginuser != null)
                    {
                        if (loginuser.Expires >= DateTime.Now)
                        {
                            return loginuser;
                        }
                    }
                }
                catch
                {
                    //do nothing
                }
            }
            return null;
        }

        public static LoginUser GetUser(string userType)
        {
            var keyName = CookieNamePrefix + userType;
            if (!HttpContext.Current.Items.Contains(keyName))
            {
                var user = BuildUser(keyName);
                HttpContext.Current.Items[keyName] = user;
                return user;
            }
            else
            {
                return HttpContext.Current.Items[keyName] as LoginUser;
            }
        }

        public static int GetUserID(string userType)
        {
            var user = GetUser(userType);
            if (user != null)
                return user.ID;
            return 0;
        }

        /// <summary>
        /// 退出cookie登录
        /// </summary>
        public static void Logout(string userType)
        {
            var keyName = CookieNamePrefix + userType;

            HttpCookie cookie = new HttpCookie(keyName, string.Empty);
            cookie.Expires = DateTime.Now.AddMonths(-1);
            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        #region 字符串加密

        /// <summary>
        /// 利用DES加密算法加密字符串(可解密)
        /// </summary>
        /// <param name="plaintext">被加密的字符串</param>
        /// <param name="key">密钥(只支持8个字节的密钥)</param>
        /// <returns>加密后的字符串</returns>
        private static string EncryptString(string plaintext, string key)
        {
            //访问数据加密标准(DES)算法的加密服务提供程序 (CSP) 版本的包装对象
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            des.Key = ASCIIEncoding.ASCII.GetBytes(key); //建立加密对象的密钥和偏移量
            des.IV = ASCIIEncoding.ASCII.GetBytes(key);  //原文使用ASCIIEncoding.ASCII方法的GetBytes方法   

            byte[] inputByteArray = Encoding.Default.GetBytes(plaintext);//把字符串放到byte数组中   

            MemoryStream ms = new MemoryStream();//创建其支持存储区为内存的流 
            //定义将数据流链接到加密转换的流
            CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            //上面已经完成了把加密后的结果放到内存中去
            StringBuilder ret = new StringBuilder();
            foreach (byte b in ms.ToArray())
            {
                ret.AppendFormat("{0:X2}", b);
            }
            ret.ToString();
            return ret.ToString();
        }
        /// <summary>
        /// 利用DES解密算法解密密文(可解密)
        /// </summary>
        /// <param name="ciphertext">被解密的字符串</param>
        /// <param name="key">密钥(只支持8个字节的密钥,同前面的加密密钥相同)</param>
        /// <returns>返回被解密的字符串</returns>
        private static string DecryptString(string ciphertext, string key)
        {
            try
            {
                DESCryptoServiceProvider des = new DESCryptoServiceProvider();

                byte[] inputByteArray = new byte[ciphertext.Length / 2];
                for (int x = 0; x < ciphertext.Length / 2; x++)
                {
                    int i = (Convert.ToInt32(ciphertext.Substring(x * 2, 2), 16));
                    inputByteArray[x] = (byte)i;
                }

                des.Key = ASCIIEncoding.ASCII.GetBytes(key); //建立加密对象的密钥和偏移量,此值重要,不能修改
                des.IV = ASCIIEncoding.ASCII.GetBytes(key);
                MemoryStream ms = new MemoryStream();
                CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(), CryptoStreamMode.Write);

                cs.Write(inputByteArray, 0, inputByteArray.Length);

                cs.FlushFinalBlock();

                //建立StringBuild对象,createDecrypt使用的是流对象,必须把解密后的文本变成流对象
                StringBuilder ret = new StringBuilder();

                return System.Text.Encoding.Default.GetString(ms.ToArray());
            }
            catch (Exception)
            {
                return "error";
            }
        }

        #endregion
    }

}

Action验证过滤器:

namespace MVCCommonAuth
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
    public class AuthFilterAttribute : ActionFilterAttribute
    {
        public AuthFilterAttribute() { }
        public AuthFilterAttribute(string roles,string userType) {
            this.Roles = roles;
            this.UserType = userType;
        }
        public bool Allowanonymous { get; set; }
        public string Roles { get; set; }

        public string Users { get; set; }

        public string UserType { get; set; }

        public sealed override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (Allowanonymous) return;
            if (IsAuth()) return;
            UnauthorizedRequest(filterContext);
        }

        public sealed override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            base.OnActionExecuted(filterContext);
        }
        public sealed override void OnResultExecuting(ResultExecutingContext filterContext)
        {
            base.OnResultExecuting(filterContext);
        }
        public sealed override void OnResultExecuted(ResultExecutedContext filterContext)
        {
            base.OnResultExecuted(filterContext);
        }

        private bool IsAuth()
        {
            var user = LoginUser.GetUser(UserType);
            if (user != null)
            {
                return AuthorizeCore(user.UserName, user.Roles);
            }
            else
            {
                return false;
            }
        }

        private void UnauthorizedRequest(ActionExecutingContext filterContext)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
                UnauthorizedAjaxRequest(filterContext);
            else
                UnauthorizedGenericRequest(filterContext);
        }

        protected virtual bool AuthorizeCore(string userName, string userRoles)
        {
            var separator = new char[] { ‘,‘ };
            var options = StringSplitOptions.RemoveEmptyEntries;
            if (!string.IsNullOrWhiteSpace(Users))
            {
                return Users.Split(separator, options).Contains(userName);
            }
            if (!string.IsNullOrWhiteSpace(Roles))
            {
                var allowRoles = Roles.Split(separator, options);
                var hasRoles = userRoles.Split(separator, options);
                foreach (var role in hasRoles)
                {
                    if (allowRoles.Contains(role))
                    {
                        return true;
                    }
                }
                return false;
            }
            return true;
        }

        protected virtual void UnauthorizedGenericRequest(ActionExecutingContext filterContext)
        {
            //根据Roles、Users、UserType信息分别跳转
            filterContext.Result = new RedirectResult("/Account/login?returnurl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
        }
        protected virtual void UnauthorizedAjaxRequest(ActionExecutingContext filterContext)
        {
            var acceptTypes = filterContext.HttpContext.Request.AcceptTypes;
            if (acceptTypes.Contains("*/*") || acceptTypes.Contains("application/json"))
            {
                filterContext.Result = new JsonResult { Data = new { code = 0, msg = "nologin" }, JsonRequestBehavior = JsonRequestBehavior.AllowGet };
            }
            else
            {
                filterContext.Result = new ContentResult { Content = "nologin" };
            }

        }

    }
}
时间: 2024-08-28 11:36:44

asp.net MVC 通用登录验证模块的相关文章

ASP.NET MVC的客户端验证:jQuery的验证

http://www.cnblogs.com/artech/archive/2012/06/17/client-validation-01.html 之前我们一直讨论的Model验证仅限于服务端验证,即在Web服务器根据相应的规则对请求数据实施验证.如果我们能够在客户端(浏览器)对用户输入的数据先进行验证,这样会减少针对服务器请求的频率,从而缓解Web服务器访问的压力.ASP.MVC 2.0及其之前的版本采用ASP.NET Ajax进行客户端验证,在ASP.NET MVC 3.0中,jQuery

ASP.NET MVC的客户端验证:jQuery验证在Model验证中的实现

原文:ASP.NET MVC的客户端验证:jQuery验证在Model验证中的实现 在简单了解了Unobtrusive JavaScript形式的验证在jQuery中的编程方式之后,我们来介绍ASP.NET MVC是如何利用它实现客户端验证的.服务端验证最终实现在相应的ModelValidator中,而最终的验证规则定义在相应的ValidationAttribute中:而客户端验证规则通过HtmlHelper<TModel>相应的扩展方法(比如TextBoxFor.EditorFor和Edid

python登录验证模块

#/usr/bin/env python2.7 #-*- coding:utf-8 -*- """ 功能:     登录验证模块 详细说明:     1.密码文件为passwd     2.passwd未创建或丢失,会提示:密码文件不存在,建议重新注册!!     3.未注册用户登录会提示:用户名不存在,请您先进行注册!     4.已注册用户登录时,忘记密码,尝试3次后密码还不正确则退出验证,等一会儿则可以重新登录     5.作为装饰器进行登录验证 ""

ASP.NET MVC使用AuthenticationAttribute验证登录

首先,添加一个类AuthenticationAttribute,该类继承AuthorizeAttribute,如下: using System.Web; using System.Web.Mvc; namespace Zhong.Web { public class AuthenticationAttribute : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterConte

Asp.Net Mvc通用后台管理系统,bootstrap+easyui+权限管理+ORM

产品清单: 1.整站源码,非编译版,方便进行业务的二次开发 2.通用模块与用户等基础数据的数据库脚本 3.bootstrap3.3.1 AceAdmin模板源码 4.easyui1.3.5源码 5.FCKEditor和Findor源码 6.ORM代码生成器一套,附源码,可进行个人习惯进行二次开发 7.本系统用了大量easyui的树形懒加载和动态查询示例,非常方便进行学习和企业开发 8.log4net 9.异常日志查看页面 产品功能清单: 后台页面自适应,兼容所有主流浏览器 多语言接口支持 系统配

ASP.NET MVC Cookie 身份验证

1 创建一个ASP.NET MVC 项目 添加一个 AccountController 类. public class AccountController : Controller { [HttpGet] public ActionResult Login(string returnUrl) { ViewBag.ReturnUrl = returnUrl; return View(); } [HttpPost] public ActionResult Login(string userName,

ASP.NET MVC 表单验证

ASP.NET MVC 框架验证每个传递给操作的数据是否有效,控制器操作可以通过查询ModelState来检查请求是否有效,例如,保存有效数据到数据库.后缀返回包含错误提示信息的原始表单给用户.这里是AuctionsController.Create操作,用于判断ModelState的有效性后进行“保存或者返回” 操作: [HttpPost] public ActionResult Create(Auction auction) { if(ModelState.IsValid) { var db

ASP.NET MVC Session 过期验证跳转至登入页面

一.在要检查登入的控制器上继承 CheckLoginController 类 2. CheckLoginController 类的写法 using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; namespace TaskManagement.Controllers { public class CheckLoginController :

Asp.Net 实现Form登录验证

一.新建Asp.Net项目 1.操作步骤:模板->Visual C#->Windows->Web,修改名称.位置->确定,进入模板选择页 2.在模板选择页中,选择空模板Empty,身份验证:不进行身份验证:这里我们不使用VS的模板,我们从零开始,确定创建项目. 3.右键项目LoginForm,添加两个Web窗体:Login.aspx.Main.aspx; 添加Login页面 添加Main页面 添加完毕 二.项目创建完.添加了登录页面和主页面之后,我们来编辑一个简单的登录页面和主页面