MVC comes with an ActionFilter
To achieve identity authentication in Asp.NET WebForm, Microsoft provides us with three ways, the most commonly used of which is our Form authentication, which needs to be configured with the corresponding information. For example, the following configuration information:
It means that our login page is Login.aspx, the default page after successful login is Default.aspx, and our user information adopts two methods: verification and encryption. And the most important thing is that we need to write the authorization method (the authorization below must be written, otherwise it is useless to only use Forms authentication and then set relevant attributes), deny all anonymous users, and only logged-in users can access normally. After that, we set the login button to write the username into the cookie (that is, execute FormsAuthentication.SetAuthCookie(name, false); That's it.
0 In Asp.Net MVC we can also use Forms authentication, but if you do it in WebForm, it won't work. For example, you configure the information like this:
You set up a login in your Login.aspx to trigger Logon in the AccountController to log in, where the Logon code:
After doing this, you will find that your Logon will not be executed. What is the reason? Why doesn't the same setting work in MVC? The reason is that the mechanism is different, because you set up an authorization method that makes Logon inaccessible. So how do we do it?
In fact, in Asp.Net MVC we have a better way to do all this, we don't need an authorization method, which means that our configuration information looks like this:
There is no need to specify that anonymous users cannot log in, etc. Of course, you will find that just doing this is not enough, but we have to tell the system which ones need to be logged in to access. You may be thinking, o()〈))o Oh, that's too much trouble. It's not like that, it's very simple, we just need to mark [Authorize] on the Action that needs to be authenticated. For example, I have two pages in the Home folder, Index and Home, and I want the Index to be authenticated to access, but Home doesn't, so I only need to give the Index the Action tag [Authorize], that is:
This allows Index to be accessed after logging in, while Home does not need to be logged in. If you need to authorize roles, then you can specify the role when marking Authorize (e.g. [Authorize(Role=Administrators)]), but you have to use the membership mechanism provided by Microsoft, because your role cannot exist for nothing, but exists in the corresponding database, which I mentioned in another blog.
Customize the ActionFilter
Sometimes you may not be able to meet this kind of authentication, or if you feel that you are not flexible enough, then it doesn't matter, Asp.Net MVC allows you to customize your ActionFilter. For example, I now customize authentication:
If user management is required, I will define the role-related filters:
In fact, you will find that the above two Attributes have actually been solved by MVC's built-in Authorized, and here we mainly tell you that you can extend it if necessary.
Well, that's it for today! Source code download: FormFormsAuthenticationMvc
|
Posted on 3/16/2017 1:47:34 PM
|
|
|
Landlord|
Posted on 3/30/2017 9:40:22 AM
|
Posted on 12/28/2017 2:58:56 PM
|
