1.權限控制使用controller和 action來實現，權限方式有很多種，最近開發項目使用控制控制器方式實現代碼如下

?

/// <summary>/// 用戶權限控制/// </summary>public class UserAuthorize : AuthorizeAttribute{/// <summary>/// 授權失敗時呈現的視圖/// </summary>public string AuthorizationFailView { get; set; }/// <summary>/// 請求授權時執行/// </summary>/// <param name="filterContext">上下文</param>public override void OnAuthorization(AuthorizationContext filterContext){// 獲取url請求里的 controller 和 action string controllerName = filterContext.RouteData.Values["controller"].ToString();string actionName = filterContext.RouteData.Values["action"].ToString();// 獲取用戶信息UserLoginBaseInfo _userLoginInfo = filterContext.HttpContext.Session[Property.UerLoginSession] as UserLoginBaseInfo;//根據請求過來的controller和action去查詢可以被哪些角色操作: 這是查詢數據庫 roleid使用 1,2,3,4格式RoleWithControllerAction roleWithControllerAction =SampleData.roleWithControllerAndAction.FirstOrDefault(r => r.ControllerName.ToLower() == controllerName.ToLower() && r.ActionName.ToLower() == actionName.ToLower() && r.RoleIds.contails("3"));// 有值處理if (roleWithControllerAction != null){//有權限操作當前控制器和Action的角色idthis.Roles = roleWithControllerAction.RoleIds;}else{//請求失敗輸出空結果filterContext.Result = new EmptyResult();//打出提示文字HttpContext.Current.Response.Write("對不起,你沒有權限操作!");}base.OnAuthorization(filterContext);}/// <summary>/// 自定義授權檢查（返回False則授權失敗）/// </summary>protected override bool AuthorizeCore(HttpContextBase httpContext){//if (httpContext.User.Identity.IsAuthenticated)//{// string userName = httpContext.User.Identity.Name; //當前登錄用戶的用戶名// User user = SampleData.users.Find(u => u.UserName == userName); //當前登錄用戶對象// if (user != null)// {// Role role = SampleData.roles.Find(r => r.Id == user.RoleId); //當前登錄用戶的角色// foreach (string roleid in Roles.Split(','))// {// if (role.Id.ToString() == roleid)// return true;// }// return false;// }// else// return false;//}//else// return false; //進入HandleUnauthorizedRequest return true;}/// <summary>/// 處理授權失敗的HTTP請求/// </summary>protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext){if (string.IsNullOrWhiteSpace(AuthorizationFailView))AuthorizationFailView = "error";filterContext.Result = new ViewResult { ViewName = AuthorizationFailView };}}

?二.單點登錄方式使用application方式來實現

? 1.用戶登錄成功后記錄當前信息

/// <summary>/// 限制一個用戶只能登陸一次/// </summary>/// <returns></returns>private void GetOnline(){string UserID = "1";Hashtable SingleOnline = (Hashtable)System.Web.HttpContext.Current.Application[Property.Online];if (SingleOnline == null)SingleOnline = new Hashtable();IDictionaryEnumerator idE = SingleOnline.GetEnumerator();string strKey = string.Empty;while (idE.MoveNext()){if (idE.Value != null && idE.Value.ToString().Equals(UserID)){//already login strKey = idE.Key.ToString();//當前用戶已存在移除、SingleOnline.Remove(strKey);System.Web.HttpContext.Current.Application.Lock();System.Web.HttpContext.Current.Application[Property.Online] = SingleOnline;System.Web.HttpContext.Current.Application.UnLock();break;}}//SessionIDif (!SingleOnline.ContainsKey(Session.SessionID)){SingleOnline[Session.SessionID] = UserID;System.Web.HttpContext.Current.Application.Lock();System.Web.HttpContext.Current.Application[Property.Online] = SingleOnline;System.Web.HttpContext.Current.Application.UnLock();}}

?2.使用ActionFilter來實現單點登錄，每次點擊控制器都去查詢過濾是否在其它地方登錄

/// <summary>/// 用戶基礎信息過濾器/// </summary>public class LoginActionFilter : ActionFilterAttribute{/// <summary>/// 初始化地址/// </summary>public const string Url = "~/Login/Index?error=";/// <summary>/// 該方法會在action方法執行之前調用 /// </summary>/// <param name="filterContext">上下文</param>public override void OnActionExecuting(ActionExecutingContext filterContext){// 獲取上一級url// var url1 = filterContext.HttpContext.Request.UrlReferrer;UserLoginBaseInfo _userLogin = filterContext.HttpContext.Session[Property.UerLoginSession] as UserLoginBaseInfo;// 用戶是否登陸if (_userLogin == null){filterContext.Result = new RedirectResult(Url + "登陸時間過期,請重新登陸!&url=" + filterContext.HttpContext.Request.RawUrl);}else{filterContext.HttpContext.Session.Timeout = 30;}//判斷是否在其它地方登錄Hashtable singleOnline = (Hashtable)System.Web.HttpContext.Current.Application[Property.Online];// 判斷當前SessionID是否存在 if (singleOnline != null && !singleOnline.ContainsKey(HttpContext.Current.Session.SessionID))filterContext.Result = new RedirectResult(Url + "你的帳號已在別處登陸，你被強迫下線!");base.OnActionExecuting(filterContext);}/// <summary>/// 執行后/// </summary>/// <param name="filterContext"></param>public override void OnResultExecuting(ResultExecutingContext filterContext){//記錄操作日志，寫進操作日志中var controllerName = filterContext.RouteData.Values["controller"];var actionName = filterContext.RouteData.Values["action"];base.OnResultExecuting(filterContext);}

?3.用戶正常退出或則非正常退出處理當前用戶信息銷毀Session

/// <summary>/// Session銷毀/// </summary>protected void Session_End(){Hashtable SingleOnline = (Hashtable)Application[Property.Online];if (SingleOnline != null && SingleOnline[Session.SessionID] != null){SingleOnline.Remove(Session.SessionID);Application.Lock();Application[Property.Online] = SingleOnline;Application.UnLock();}Session.Abandon();}

?

轉載說明原文地址：https://i.cnblogs.com/EditPosts.aspx?opt=1

轉載于:https://www.cnblogs.com/louby/p/6145810.html

總結

以上是生活随笔為你收集整理的asp.net mvc 权限过滤和单点登录（禁止重复登录）的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。