C# 授权筛选器在我的mvc项目中不起作用
我是新来学习mvc中的过滤器的。我在我的项目中创建了一个授权过滤器 AccountcontrollerC# 授权筛选器在我的mvc项目中不起作用,c#,asp.net-mvc,authentication,filter,C#,Asp.net Mvc,Authentication,Filter,我是新来学习mvc中的过滤器的。我在我的项目中创建了一个授权过滤器 Accountcontroller public class AccountController : Controller { // // GET: /Account/ public ActionResult Login() { return View(); } [HttpPost]
public class AccountController : Controller
{
//
// GET: /Account/
public ActionResult Login()
{
return View();
}
[HttpPost]
public ActionResult Logins()
{
string username = Request["username"];
string password = Request["password"];
Session.Add("username", username);
Session.Add("password", password);
return Redirect("/Home");
}
}
public class CustomAuthorizationAttribute : FilterAttribute, IAuthorizationFilter
{
void IAuthorizationFilter.OnAuthorization(AuthorizationContext filterContext)
{
try
{
string username = HttpContext.Current.Session["username"].ToString();
string password = HttpContext.Current.Session["password"].ToString();
if (username == password)
{
HttpContext.Current.Response.Redirect("/Home");
}
else
{
HttpContext.Current.Response.Redirect("/Account/login");
}
}
catch
{
HttpContext.Current.Response.Redirect("/Account/login");
}
}
}
public class HomeController : Controller
{
//
// GET: /Home/
[CustomAuthorization]
public ActionResult Index()
{
return View();
}
}
Homecontroller
public class AccountController : Controller
{
//
// GET: /Account/
public ActionResult Login()
{
return View();
}
[HttpPost]
public ActionResult Logins()
{
string username = Request["username"];
string password = Request["password"];
Session.Add("username", username);
Session.Add("password", password);
return Redirect("/Home");
}
}
public class CustomAuthorizationAttribute : FilterAttribute, IAuthorizationFilter
{
void IAuthorizationFilter.OnAuthorization(AuthorizationContext filterContext)
{
try
{
string username = HttpContext.Current.Session["username"].ToString();
string password = HttpContext.Current.Session["password"].ToString();
if (username == password)
{
HttpContext.Current.Response.Redirect("/Home");
}
else
{
HttpContext.Current.Response.Redirect("/Account/login");
}
}
catch
{
HttpContext.Current.Response.Redirect("/Account/login");
}
}
}
public class HomeController : Controller
{
//
// GET: /Home/
[CustomAuthorization]
public ActionResult Index()
{
return View();
}
}
但是现在,当我运行这个项目时,如果用户名和密码正确,我会检查用户名和密码的字符串。主页会一次又一次地重新加载。从授权属性继承并覆盖默认行为 简单的实现是这样的
public class OptionalAuthorizeAttribute : AuthorizeAttribute
{
public OptionalAuthorizeAttribute()
{
}
protected override bool AuthorizeCore(HttpContext httpContext){
string username = HttpContext.Current.Session["username"].ToString();
string password = HttpContext.Current.Session["password"].ToString();
if (username == password)
{
return true;
}
return base.AuthorizeCore(httpContext);
}
}
然后可以重写AuthorizeAttribute.HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext)的行为
旁注:我从手机上写下了这个答案,所以请在粘贴到visual studio时仔细检查语法错误如果用户名和密码正确,那么它将在homecontroller中加载索引(默认操作)操作,因为您编写了HttpContext.Current.Response.Redirect(“/Home”);但它不会进入主索引。重定向循环中的主页。这是故意的吗?”如果(username==password)'我只是在将来检查,我将更改此代码。