开发者

asp.net MVC confused by custom attributes creation

开发者 https://www.devze.com 2022-12-11 06:48 出处:网络
hi i am trying to create a custom attribute for my MVC application so that i can call [CheckLogin] this is to check my cookie as i am not using forms authentification.

hi i am trying to create a custom attribute for my MVC application so that i can call [CheckLogin] this is to check my cookie as i am not using forms authentification.

i have created a class CheckLogin and this is in my App_Code folder and the code is as follows:

using System.Web.Mvc;
using System.Attributes;
using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.Web;
using System;

namespace corian_MVC.Controllers
{
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
    public class CheckLoginAttribute : FilterAttribute, IAuthorizationFilter
    {
        public CheckLoginAttribute() {}

        public void OnAuthorization(AuthorizationContext filterContext)
        {
            // TODO: perform your cookie checks
            if (!userIsAuthenticated)
            {
                filterContext.Result = new RedirectResult(string.Format(
                          "/Admin/Login",
                          filterContext.HttpContext.Reque开发者_如何学Pythonst.Url.AbsoluteUri));
            }
        }
    }
}

what it does is not important here, the problem is i cant get my code to recognise this attribute if it is one in the first place, also how do i redirect to action if the login is failed ????

many thanks

my admin class:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;


namespace corian_MVC.Controllers
{
    [HandleError]
    public class AdminController : Controller
    {
        [AcceptVerbs(HttpVerbs.Get)]
        public ActionResult Index()
        {
            //check login is not banned

            if ((int)Session["LoginCount"] >= 3) RedirectToAction("TooMany");

            return View();
        }

        public ActionResult Fraud()
        {
            Session["LoginCount"] = 3;
            return View();
        }

        public ActionResult TooMany()
        {
            return View();
        }

        [CheckLogin]
        public ActionResult Welcome()
        {
            return View();
        }

        private void Createcookie()
        {

        }

    }
}


This scenario is best handled by implementing an IAuthorizationFilter.

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited=true, AllowMultiple=true)]
public class CheckLoginAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // TODO: perform your cookie checks
        if (!userIsAuthenticated)
        {
            filterContext.Result = new RedirectResult(string.Format(
                "/loginUrl?ReturnUrl={0}",  
                filterContext.HttpContext.Request.Url.AbsoluteUri));
        }
    }
}

Then you can apply this attribute either at the controller level or at some particular actions.

By the way do you have any particular reason for not using the built-in FormsAuthentication?


Include .cs file with your attribute to the solution. Just placing it "near default.aspx" is not enough.

0

精彩评论

暂无评论...
验证码 换一张
取 消