ASP.NET MVC自定义验证Authorize Attribute

那今次Insus.NET在ASP.NET MVC实现自定义验证Authorize Attribute。
实现之前，Insus.NET对usp_Users_VeryLoginVerify修改一下，改为更好理解与使用：

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[usp_Users_VeryLoginVerify]
(
    @U_nbr NVARCHAR(20),
    @pwd NVARCHAR(100)
)
AS
BEGIN   
    DECLARE @errmsg NVARCHAR(50) = N'用户名或密码错误。'

    IF NOT EXISTS(SELECT TOP 1 1 FROM [dbo].[Users] WHERE [U_nbr] = @U_nbr)
    BEGIN   
        RAISERROR(@errmsg,16,1)
        RETURN
    END
       
    SELECT [U_nbr] AS [Account] FROM [dbo].[Users] WHERE [U_nbr] = @U_nbr AND CONVERT(NVARCHAR(100),DECRYPTBYPASSPHRASE('insus#sec!%y',[Pwd]))  = @pwd 

    IF @@ROWCOUNT <= 0
    BEGIN   
        RAISERROR(@errmsg,16,1)
        RETURN
    END
END

Source Code
OK，上面是数据库方面。

接下你需要在ASP.NET MVC写程序：

使用Cookie来存储登录以及验证信息，写一个Cookie类别：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace Insus.NET.Utilities
{
    public abstract class CookieBase
    {
        private static HttpResponse Response
        {
            get
            {
                return HttpContext.Current.Response;
            }
        }
       
        private static HttpRequest Request
        {
            get
            {
                return HttpContext.Current.Request;
            }
        }

        public static HttpCookie Cookie
        {
            get
            {
                return Request.Cookies["CookieBase"] as HttpCookie;
            }
            set
            {
                if (Request.Cookies["CookieBase"] != null)
                {
                    Request.Cookies.Remove("CookieBase");
                }
                Response.Cookies.Add(value);
            }
        }

        public static HttpCookie NewCookie
        {
            get
            {
                return new HttpCookie("CookieBase");
            }
        }

        public static void RemoveCookie()
        {
            if (Cookie == null)
                Response.Cookies.Remove("CookieBase");
            else
                Response.Cookies["CookieBase"].Expires = DateTime.Now.AddDays(-1);
        }      
    }
}

Source Code
其实上面这个CookeBase.cs是一个能存储多对象的集合类。在真正的程序中，你想存储什么信息，可以写一个如下面的类来操作：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;

namespace Insus.NET.Utilities
{
   public class SecurityBase
    {
        public static bool IsAuthorized
        {
            get
            {
                return CookieBase.Cookie == null ? false : bool.Parse(CookieBase.Cookie.Values["IsAuthorized"]);
            }
            set
            {
                HttpCookie httpCookie = CookieBase.Cookie == null ? CookieBase.NewCookie : CookieBase.Cookie;
                httpCookie.Values["IsAuthorized"] = value.ToString();
                CookieBase.Cookie = httpCookie;
            }
        }

        public static string UserName
        {
            get
            {
                return CookieBase.Cookie == null ? string.Empty : CookieBase.Cookie.Values["UserName"];
            }
            set
            {
                HttpCookie httpCookie = CookieBase.Cookie == null ? CookieBase.NewCookie : CookieBase.Cookie;
                httpCookie.Values["UserName"] = value;
                CookieBase.Cookie = httpCookie;
            }
        }

        public static void RemoveCooke()
        {
            CookieBase.RemoveCookie();
        }
    }
}

Source Code
接下来，我们需要创建一个验证过滤器：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Insus.NET.Utilities;
using System.Web.Routing;

namespace Insus.NET.Attributes
{
    public class SecurityAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return SecurityBase.IsAuthorized;
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string actionName = filterContext.ActionDescriptor.ActionName;          
            base.OnAuthorization(filterContext);
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            var routeValue = new RouteValueDictionary {
                { "Controller", "Home"},
                { "Action", "Index"}
            };
            filterContext.Result = new RedirectToRouteResult(routeValue);
        }
    }
}

Source Code
这个过滤器SecurityAuthorizeAttribute.cs，稍后我们会在控制器中应用到它。

接下你需要写控制器了，不，我们似乎少写了一些物件，如model和Entity:

Models写好，还差一个Entity，这个实体是与数据连接的物件：

在ASP.NET MVC中，实现登录验证的演示，最少需要两个控制器，一个是给匿名用户访问的，它包含普通的页面和一些基本的操作。另一个控制器是经过验证通过之后才能访问的页面。

另一个控制器：

最后是创建视图了：

@{
    Layout = null;
}

    css">
        #logincontact label {
            display: inline-block;
           
            text-align: right;
        }

        #logincontact_submit {
            padding-left: 100px;
        }

        #logincontact div {
            margin-top: 1em;
        }

        .error {
            display: none;
            margin-left: 10px;
        }

        .error_show {
            color: red;
            margin-left: 10px;
        }

        input.invalid {
            border: 2px solid red;
        }

        input.valid {
            border: 2px solid green;
        }
   

Source Code
还有一个：

@{
    Layout = null;
}

Source Code