MVC Use Controller instead of Filter to complete login verification (Session verification) learning notes 5
- 2021-08-16 23:32:30
- OfStack
In the previous study, when completing login verification for Session verification, Filter is usually used to handle it. The method is similar to the previous error log filtering, that is, the new Filter class inherits ActionFilterAttribute class, rewrites OnActionExecuting method, and then directly adds Filter tag before Action to be verified.
1. Create a new login verification class CheckLoginAttribute
using System.Web.Mvc;
namespace PMS.WebApp.Models
{
public class CheckLoginAttribute:ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
if (filterContext.HttpContext.Session == null || filterContext.HttpContext.Session["user"] == null)
{
filterContext.HttpContext.Response.Redirect("/User/Login");
}
}
}
}
2. Add flags to the Action that need to be verified to complete the verification
using System.Web.Mvc;
using PMS.IBLL;
using PMS.WebApp.Models;
namespace PMS.WebApp.Controllers
{
public class UserController : Controller
{
//
// GET: /User/
//private IUserService _userService;
//private IUserService UserService
//{
// get { return _userService ?? (_userService = new UserService()); }
// set { _userService = value; }
//}
private IUserService UserService { get; set; }
[CheckLogin]
public ActionResult Index()
{
return Content("OK");
}
}
}
Note: Do not register the validation class in the RegisterGlobalFilters method, otherwise it will be equivalent to adding validation to all Action
This method requires adding a filter tag before each Action method, and the efficiency is not 10 points high. In our project, we use a simpler and more efficient method: using Controller for login authentication
1. Create a new Controller parent class for authentication, and override the OnActionExecuting method in it to complete login verification:
using System.Web.Mvc;
namespace PMS.WebApp.Controllers
{
public class FilterController : Controller
{
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
if (Session["user"] == null)
{
//filterContext.HttpContext.Response.Redirect("/User/Login");
filterContext.Result = Redirect("/User/Login");
}
}
}
}
In the OnActionExecuting method of the Controller validation class, there is the following code
//filterContext.HttpContext.Response.Redirect("/User/Login");
filterContext.Result = Redirect("/User/Login");
The reason why we use the latter and abandon the former is that ASP. NET MVC stipulates that Action must return to ActionResult. If we use the former, we will enter the requested page before completing the jump, which is not in line with our original intention of using filters.
2. Then make the Controller to be verified inherit from the verification Controller defined by us to complete the global login verification operation:
using System.Web.Mvc;
using PMS.IBLL;
namespace PMS.WebApp.Controllers
{
public class UserController : FilterController//Controller
{
//
// GET: /User/
//private IUserService _userService;
//private IUserService UserService
//{
// get { return _userService ?? (_userService = new UserService()); }
// set { _userService = value; }
//}
private IUserService UserService { get; set; }
//[CheckLogin]
public ActionResult Index()
{
return Content("OK");
}
}
}
Let's compare the advantages and disadvantages of the two methods
The definition process of Filter is complicated and slightly less efficient, but it can filter every Action separately, and the same as 1Action can also have multiple pieces of filtering information, which is flexible to use.
The definition of Controller is simpler and more efficient, but it can only filter all methods in the whole Controller, and it is not easy to have multiple Controller filtering parents with 1Controller.
To sum up, most of the requirements in actual projects need to complete login verification under the same 1Controller, so it is more efficient to use Controller filtering. When dealing with complex requirements, it is also a good strategy to flexibly mix the two methods.