MVC扩展Filter,通过继承ActionFilterAttribute为登录密码加密_.NET

您所在的位置：程序员俱乐部 > 编程开发 > .NET > MVC扩展Filter,通过继承ActionFilterAttribute为登录密码加密

MVC扩展Filter,通过继承ActionFilterAttribute为登录密码加密

2014/5/27 12:15:14 Darren Ji 博客园我要评论(0)

摘要：与ActionFilter相关的接口有2个：□IActionFilter对action执行前后处理voidOnActionExecuting(ActionExecutingContextfilterContext);可以在此对请求处理，甚至开启一个新的请求。voidOnActionExecuted(ActonExecutedContextfilterContext);可以在此对返回结果处理，甚至取消返回结果
标签：MVC 继承为

与ActionFilter相关的接口有2个：

□ IActionFilter 对action执行前后处理

void OnActionExecuting(ActionExecutingContext filterContext);
可以在此对请求处理，甚至开启一个新的请求。

void OnActionExecuted(ActonExecutedContext filterContext);
可以在此对返回结果处理，甚至取消返回结果。

关于参数ActionExecutingContext和ActonExecutedContext共有的：
都继承于ControllerContext。
都有ActionDescriptor属性：提供了action的细节
都有ActionResult属性：当设置为null的时候取消整个请求

关于ActonExecutedContext独有的：
Canceled属性：bool类型，ActionExecutedContext是否被其它action filter取消
Exception属性：action filter和action抛出的异常
ExceptionHandled属性：bool类型，异常是否被处理

□ IResultFilter 对action返回结果前后做处理

方法与属性与IActionFilter类似。
void OnResultExecuted(ResultExecutedContext filterContext);
void OnResultExecuting(ResultExecutingContext filterContext);

实例：继承ActionFilterAttribute为登录密码加密

ActionFilterAttribute包含了如下4个方法：
void OnActionExecuting(ActionExecutingContext filterContext);
void OnActionExecuted(ActonExecutedContext filterContext);
void OnResultExecuted(ResultExecutedContext filterContext);
void OnResultExecuting(ResultExecutingContext filterContext);
所以，我们可以在派生类中重写这4个方法。

□ 思路

→在执行action之前对密码加密
→在执行action之后，根据是否登录成功，来决定返回成功或重新登录视图
→在action返回结果之后，再追加一些内容

□ 继承ActionFilterAttribute

class="alt">using System;

using System.Security.Cryptography;

using System.Text;

using System.Web.Mvc;

using System.Web.Security;

namespace MvcApplication1.Extension

    public class EncryptLoginAttribute : ActionFilterAttribute

        private string username;

        private string password;

        private bool isAuthorized = false;

        private string longdate;

        private string lastTry;

        public override void OnActionExecuting(ActionExecutingContext filterContext)

            username = filterContext.HttpContext.Request.Form["username"];

            password = filterContext.HttpContext.Request.Form["password"];

            MD5 md5Hash = MD5.Create();

            string md5Password = GetMD5Hash(md5Hash, password);

            bool result = Membership.ValidateUser(username, md5Password);

            if (result)

                FormsAuthentication.SetAuthCookie(username, false);

                isAuthorized = true;

                longdate = DateTime.Now.ToLongDateString();

            else

                isAuthorized = false;

                lastTry = DateTime.Now.ToShortDateString() + "-" + DateTime.Now.ToShortTimeString();

        public override void OnActionExecuted(ActionExecutedContext filterContext)

            if (isAuthorized)

                filterContext.Result = new ViewResult(){ViewName = "Welcome"};

            else

                ViewResult result = new ViewResult();

                result.ViewName = "Index";

                result.ViewBag.message = "Login fail";

                filterContext.Result = result;

        public override void OnResultExecuted(ResultExecutedContext filterContext)

            if (filterContext.Exception == null && !filterContext.Canceled)

                ViewResult result = (ViewResult)filterContext.Result;

                if (result != null)

                    if (result.ViewName == "Welcome")

                        filterContext.HttpContext.Response.Write("<p style='color:Green;'><br/>Today is "

+ longdate + "<br/></p>");

                    else if (result.ViewName == "Index")

                        filterContext.HttpContext.Response.Write("<p style='color:Red;'><br />Last Login attemp at "+lastTry+"<br/></p>");

                    filterContext.Result = result;

        private static string GetMD5Hash(MD5 md5Hash, string input)

            //string→byte[]

            byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));

            StringBuilder stringBuilder = new StringBuilder();

            foreach (byte b in data)

                stringBuilder.Append(b.ToString("x2"));

            return stringBuilder.ToString();

□ HomeController

using System.Web.Mvc;

using System.Web.Security;

using MvcApplication1.Extension;

namespace MvcApplication1.Controllers

    public class HomeController : Controller

        public ActionResult Index()

            return View();

        [HttpPost]

        [EncryptLogin]

        public ActionResult Login(string username, string password)

            //TODO:保存到数据库

            return null;

        public ActionResult SignOut()

            FormsAuthentication.SignOut();

            return RedirectToAction("Index");

□ Home/Index.cshtml为登录页

@{

    ViewBag.Title = "Index";

    Layout = "~/Views/Shared/_Layout.cshtml";

<h2>Index</h2>

<p style="color: red;">@ViewBag.message</p>

@using (Html.BeginForm("Login", "Home", FormMethod.Post, new {id = "loginForm"}))

<p>

        用户名：@Html.TextBox("username", null, new {style = "width:100px"})

    </p>

<p>

        密码： @Html.Password("password", null, new {style = "width: 100px"})

    </p>

<p>

        <input type="submit" name="login" value="登录"/>

    </p>

□ web.config相关配置

□ 登录成功视图：/Shared/Welcome.cshtml

@{
ViewBag.Title = "Welcome";
Layout = "~/Views/Shared/_Layout.cshtml";
}

<h2>登录成功~~</h2>
@Html.ActionLink("登出","SignOut","Home")

登录页：

登录失败：

□ 如果想在全局使用

filters.Add(new EncryptLoginAttribute());

□ 备注

暂没有把登录成功显示页面调试出来，因为，当使用FormsAuthentication.Authenticate(username, md5Password)时，提示此方法已经过时；而使用Membership.ValidateUser(username, md5Password)时，对应的Web.config如何配置，暂没细究。

参考资料：
MVC Filters Part 3 - Action Filter and Action Result Filter

上一篇：京东扶持C2C业务叫板淘宝：将发力二手拍卖下一篇：微信第三方新挑战：京东大众点评入驻