ASP.Net MVC 3 - Password protect views

Time: 2021-12-11 03:34:45

Visual Studio 2010 - MVC 3


I have an admin section of an asp.net mvc application which I want to restrict access to. The application will not use accounts so I won't be using an administrator role or user to authorize access for example.


I want the section to be accessible by the entry of a single password. There will be a number of actions in this section. I have set up an admin controller which redirects to a number of different views so basically any view which this controller controls needs to be restricted.


I would also like it so that the password only needs to be entered once for a session, so when the browser is closed and reopened the password would need to be re-entered.


How would I achieve this?


2 solutions

#1


16  

Assuming that you have a View folder called Protected (as your controller), and you have several Actions that point to several Views, I would do this:


  • decorate the controller/actions with an Action Filter, for example: [SimpleMembership]
  • on that action filter, just check the existence and the contents of a Session Variable
  • redirect to a SignIn if not the correct one

in code:


using System.Web;
using System.Web.Mvc;

public class SimpleMembershipAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Session values are stored as object, so cast before comparing:
        // object != string would be a reference comparison, not a string comparison.
        var marker = filterContext.HttpContext.Session["myApp-Authentication"] as string;

        // redirect if not authenticated (a missing marker is null and fails the check too)
        if (marker != "123")
        {
            // use the current url for the redirect
            string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;

            // send them off to the login page
            string redirectUrl = string.Format("?ReturnUrl={0}", HttpUtility.UrlEncode(redirectOnSuccess));
            string loginUrl = "/Protected/SignIn" + redirectUrl;

            // setting Result stops the action from running and issues the redirect
            filterContext.Result = new RedirectResult(loginUrl);
        }
    }
}

and your controller


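using System.Web.Mvc;

public class ProtectedController : Controller
{
    // only reachable once the session marker has been set by SignIn
    [SimpleMembership]
    public ActionResult Index()
    {
        return View();
    }

    // the sign-in actions stay undecorated so they can be reached anonymously
    public ActionResult SignIn()
    {
        return View();
    }

    [HttpPost]
    public ActionResult SignIn(string pwd)
    {
        if (pwd == "123")
        {
            // this is the value the SimpleMembership filter checks for
            Session["myApp-Authentication"] = "123";
            return RedirectToAction("Index");
        }
        // wrong password: show the sign-in form again
        return View();
    }
}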

If you want to decorate the entire controller, you need to move the SignIn methods outside, as to reach them you would need to be authenticated.



Source code:


You can download the simple MVC3 solution http://cl.ly/JN6B or feel free to view the code on GitHub.


#2


1  

I would use Forms authentication, and then add the [Authorize] attribute just to the controller or individual actions you want to restrict. Then you will need a way to log in, etc. Look here for info on forms authentication. Hope that helps.


You could always create your own authentication system, saving the user name and password in a config file, or database or something. You can override the [Authorize] or create your own action filter and do with it as you wish, if you didn't want to get into the full forms authentication.
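A hardened variant of the session-flag approach from answer #1, with the password kept as a salted hash in the config file as answer #2 suggests. This is an added example, not code from either answer; the attribute name AdminGate, the appSettings keys AdminPwdSalt and AdminPwdHash, and the iteration count are assumptions.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Web.Mvc;

// Filter checks a boolean marker; the password itself never enters the session.
public class AdminGateAttribute : ActionFilterAttribute
{
    public const string SessionKey = "myApp-Authentication";
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (true.Equals(filterContext.HttpContext.Session[SessionKey])) return;
        string back = filterContext.HttpContext.Request.Url.PathAndQuery;
        // Setting Result short-circuits the action; the return URL is encoded.
        filterContext.Result = new RedirectResult(
            "/Protected/SignIn?ReturnUrl=" + Uri.EscapeDataString(back));
    }
}

public class ProtectedController : Controller
{
    [AdminGate]
    public ActionResult Index() { return View(); }

    public ActionResult SignIn() { return View(); }

    [HttpPost]
    public ActionResult SignIn(string pwd, string returnUrl)
    {
        // Assumed appSettings keys (Base64 salt of 8+ bytes, PBKDF2 output) and
        // assumed iteration count; both must match how the stored hash was made.
        byte[] salt = Convert.FromBase64String(ConfigurationManager.AppSettings["AdminPwdSalt"]);
        byte[] expected = Convert.FromBase64String(ConfigurationManager.AppSettings["AdminPwdHash"]);
        byte[] actual = new Rfc2898DeriveBytes(pwd ?? "", salt, 100000).GetBytes(expected.Length);
        // XOR every byte so timing does not reveal where the first mismatch is.
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        if (diff != 0)
        {
            ModelState.AddModelError("", "Wrong password.");
            return View();
        }

        Session[AdminGateAttribute.SessionKey] = true;
        // Follow ReturnUrl only when it points back into this site.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index");
    }
}
```

Because the ASP.NET session cookie is not persistent, closing the browser discards the marker and the password is asked for again.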
