ASP.NET MVC4重定向到登录页面
[英]ASP.NET MVC4 Redirect to login page
问题描述
I'm creating a web application using ASP.NET MVC 4 and C#. 
我正在使用ASP.NET MVC 4和C#创建一个Web应用程序。
I want all users to be logged in before using application. 我想在使用应用程序之前登录所有用户。
I'm using ASP.NET Membership with a custom database. 我正在使用ASP.NET Membership与自定义数据库。
One method is check if Membership.GetUser() is null or not in every function. 一种方法是检查Membership.GetUser()在每个函数中是否为null。
But isn't there any easier way than checking user login state in every function? 但是,没有比在每个函数中检查用户登录状态更简单的方法吗? (maybe checking in web.config, global.asax, etc...??) (也许检查web.config,global.asax等...... ??)
6 个解决方案
解决方案1
49 已采纳 2012-07-26 15:21:59
当然,使用[Authorize]装饰你的动作或整个班级,它将要求用户首先登录。
解决方案2
12 2012-07-26 15:31:31
Put [Authorize] over each action that you want only logged in users accessing. 将[Authorize]放在您希望仅登录用户访问的每个操作上。 You can also do this at the controller level, making all actions within the controller secured. 您也可以在控制器级别执行此操作,使控制器内的所有操作都受到保护。 The latter is probably best for you, since you probably only want all of your pages disabled for guests. 后者可能最适合您,因为您可能只希望为访客禁用所有页面。
Here's what the class-level one looks like: 这是类级别的样子:
[Authorize]
public class SomethingController
{
//...
}
and here's an action-level one: 这是一个行动级别的:
public class SomethingController
{
[Authorize]
public ActionResult SomeAction(Parameter someParameter)
{
//...
}
}
Another way to do it, if all or most of your pages use the same master page, is to put: 另一种方法是,如果您的所有或大部分页面都使用相同的母版页,则放置:
<script type="text/javascript>
@if(!Request.IsAuthenticated) {
window.location.href = redirectURL;
}
</script>
or if you arent using razor syntax, 或者如果你不使用剃刀语法,
<script type="text/javascript>
<% if(!Request.IsAuthenticated) { %>
window.location.href = redirectURL;
<% } %>
</script>
in the master page. 在母版页中。 That way, all pages which use that master page will redirect elsewhere if the user is not logged in. This only applies if you are using the built-in authentication, though. 这样,如果用户未登录,则使用该母版页的所有页面都将重定向到其他位置。但这仅适用于您使用内置身份验证的情况。 NOTE: This option is far less secure than the first option. 注意:此选项远不如第一个选项安全。 Use this only if site security is not a big concern 仅在站点安全性不是一个大问题时才使用此选项
解决方案3
4 2012-07-26 15:22:06
You could write a custom [Authorize] attribute. 您可以编写自定义[Authorize]属性。 Then simply decorate controllers/actions with it or if all actions require authorization you could register it as a global action filter. 然后简单地用它来装饰控制器/动作,或者如果所有动作都需要授权,你可以将它注册为全局动作过滤器。
解决方案4
4 2013-12-03 21:46:23
You can put [Authorize] attribute at your controller or at single methods in your controller so you would choose who can open the actions and with what permissions. 您可以将[Authorize]属性放在控制器上或控制器中的单个方法中,这样您就可以选择谁可以打开操作以及具有哪些权限。 You can also authorize with roles like : [Authorize(Roles="Admin")] where you will authorize only users in admin role to access your action/controller. 您还可以使用以下角色进行授权: [Authorize(Roles="Admin")] ,您只能授权管理员角色的用户访问您的操作/控制器。 For example: 例如:
[Authorize(Roles="SimpleUser")] or with no roles [Authorize]
public ActionResult Index()
{
return View();
}
[Authorize]
[HttpPost]
public ActionResult Index(FormCollection form)
{
... whatever logic
return View();
}
Hope this helps ;] 希望这可以帮助 ;]
解决方案5
4 2017-09-13 10:04:43
I know this question already has an answer but if the intention is to lock down the whole app except for a select few controller actions then I feel like this is a better solution ... 我知道这个问题已经有了答案,但如果打算锁定整个应用程序,除了少数几个控制器操作,那么我觉得这是一个更好的解决方案......
In the startup / init for your app add ... 在你的应用程序的启动/初始化添加...
httpConfig.filters.Add(new AuthorizeAttribute());
... then on actions you DONT want to secure ... ...然后在行动你不想来保护...
[AllowAnonymous]
public ActionResult Hello() { return View(); }
解决方案6
2 2013-06-24 06:26:46
Use [Authorize] at the class level 在班级使用[授权]
if you want to allow anonymous access to some actions use [AllowAnonymous] 如果您想允许匿名访问某些操作,请使用[AllowAnonymous]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.