因为以前接触java的时候filter chain超好用嘛,以至于差点忽略的它的存在,直到我看到.net这边每个controller里面的每个action都需要判定session的存在,真的好烦好烦,而且还担心忘记,出现好几次了,同事的代码没写,跑起来偶尔出错,不是什么大事儿,但是时不时戳你一下就是烦啊。
Authorization filter, which makes security decisions about whether to execute an action method, such as performing authentication or validating properties of the request. The AuthorizeAttribute class is one example of an authorization filter.
Action filter, which wraps the action method execution. This filter can perform additional processing, such as providing extra data to the action method, inspecting the return value, or canceling execution of the action method.
Result filter, which wraps execution of the ActionResult object. This filter can perform additional processing of the result, such as modifying the HTTP response. The OutputCacheAttribute class is one example of a result filter.
Exception filter, which executes if there is an unhandled exception thrown somewhere in action method, starting with the authorization filters and ending with the execution of the result. Exception filters can be used for tasks such as logging or displaying an error page. The HandleErrorAttribute class is one example of an exception filter.
看完Authorization filter的描述以后,我们要的是它啦!
public class AdminAuthorizeAttribute : AuthorizeAttribute
public override void OnAuthorization(AuthorizationContext filterContext)
HttpSessionStateBase session = filterContext.HttpContext.Session;
Controller controller = filterContext.Controller as Controller;
if (controller != null)
if (session != null && (session["admin"] as Admin) == null)
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new {controller = "Admin", action = "Login"}));
Action filter其实也是类似的写法,继承ActionFilterAttribute,重写里面的OnActionExecuted(ActionExecutedContext)
Called by the ASP.NET MVC framework before the action method executes.
你需要的方法就好啦!其实看看OnActionExecuting是before method executes的话,重写这个方法也是可以达到这个效果的啦!只是从语义和这几个的设计分类来看,Authorize还是更合适一点。另外OnActionExecuted我感觉也可以用来打log。省事儿。
Filtering in ASP.NET MVC
Creating Custom Action Filters
create the authorize filter with parameter asp.net mvc
Override global authorize filter in ASP.NET Core MVC 1.0
Asp.net MVC4: Authorize on both controller and action
Redirect From Action Filter Attribute