代码调用顺序为:OnAuthorization-->AuthorizeCore-->HandleUnauthorizedRequest
只有当AuthorizeCore返回false时,才会走基类的HandleUnauthorizedRequest方法,并且Response.StatusCode会返回401,401错误又对应了Web.config中的以下配置:
<authentication mode="Forms">
<!-- Unauthenticated (401) requests are sent to loginUrl, here the application root "~/". -->
<!-- timeout is expressed in minutes: 2880 minutes = 48 hours of forms-ticket lifetime. -->
<forms loginUrl="~/"
timeout="2880" />
</authentication>
所以,AuthorizeCore==false 时,会跳转到 web.config 中定义的 loginUrl="~/"
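/// <summary>
/// Authorization filter that admits a request only when
/// <c>CheckLogin.AdminLoginCheck()</c> succeeds.
/// </summary>
/// <remarks>
/// Call order in the MVC pipeline:
/// OnAuthorization -> AuthorizeCore -> HandleUnauthorizedRequest.
/// HandleUnauthorizedRequest runs only after AuthorizeCore has returned false,
/// so every path through it must assign <c>filterContext.Result</c>; a path
/// that returns without a result lets the protected action execute.
/// </remarks>
public class CheckLoginAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Decides whether the current request is authorized.
    /// </summary>
    /// <param name="httpContext">Context of the request being authorized.</param>
    /// <returns>
    /// <c>true</c> when the admin login check passes; otherwise <c>false</c>,
    /// with the response status set to 401.
    /// </returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (CheckLogin.AdminLoginCheck())
        {
            return true;
        }

        // "No permission" status code; HandleUnauthorizedRequest tests for it
        // before issuing its redirect.
        httpContext.Response.StatusCode = 401;
        return false;
    }

    /// <summary>
    /// Produces the response for a request that AuthorizeCore rejected.
    /// </summary>
    /// <param name="filterContext">
    /// Authorization context whose <c>Result</c> is set to the denial response.
    /// </param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (App.AppService.IsLogon)
        {
            // AuthorizeCore already rejected this request, so a logged-on
            // session is not sufficient here. Deny explicitly: returning
            // without a Result would let the action run despite the failed
            // authorization check (fail-open).
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // Ajax callers get a JSON payload instead of an HTML login page.
            // NOTE(review): AuthorizeCore has already set status 401 and
            // JsonResult does not reset it; the original author's note says
            // the request still ends up at the loginUrl from web.config, so
            // confirm that Ajax callers actually receive this payload.
            filterContext.Result = new JsonResult
            {
                Data = new
                {
                    IsSuccess = false,
                    Message = "不好意思,登录超时,请重新登录再操作!"
                },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
            return;
        }

        base.HandleUnauthorizedRequest(filterContext);

        // For a 401 the default behaviour is a redirect to the loginUrl
        // defined in web.config; send the browser to the site root explicitly.
        if (filterContext.HttpContext.Response.StatusCode == 401)
        {
            filterContext.Result = new RedirectResult("/");
        }
    }
}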