ASP.Net MVC Cookie身份校验
最常见的方法是,用户在登录的时候,将加密的Token放置Cookie中,并将Token、用户信息记录到数据库中。后端读取到Cookie,获取到Token,并使用Token查询数据库确认用户身份,进而达成身份校验的任务。
1.数据表结构
Password数据表
CookieInfo数据表
2.登录的View与Controller
<head>
<title>This is a register page</title>
<script type="text/javascript" src="~/Scripts/jquery-3.4.1.min.js"></script>
<script type="text/javascript" src="~/Scripts/jquery.validate.js"></script>
<script type="text/javascript" src="~/Scripts/jquery.metadata.js"></script>
<link type="text/css" rel="stylesheet" href="~/CSS/MyStyle.css" />
</head>
<body>
<div class="myContainer">
<h2 style="opacity:0.6">This is a mock register page</h2>
<br/>
<br/>
<form id="register" method="post" action="/Register/Submit">
<div class="form-group">
<label>UserName<font class="hint">*</font></label>
<input id="userName" name="Name" type="text" placeholder="please input a user name" class="form-control" />
</div>
<div class="form-group">
<label>Password<font class="hint">*</font></label>
<input id="password" name="SecretCode" type="text" placeholder="please input a password" class="form-control" />
</div>
<div class="form-group">
<input type="submit" value="Register" class="btn btn-success button" />
<a href="/Register/Index" class="btn btn-danger button">Clear</a>
</div>
</form>
</div>
<script type="text/javascript">
$(function () {
$("#register").validate({
meta: "validate",
rules: {
Name: {
required: true,
minlength:2
},
Password1: {
required: true,
digits: true
}
},
message: {
Name: {
required:"Please input a user name"
},
Password1: {
required:"Please input a password"
}
},
errorElement: "label",
errorPlacement: function (value, element) {
element.after(value);
}
})
})
</script>
</body>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using WebApplication23.Models;
namespace WebApplication23.Controllers
{
public class RegisterController : Controller
{
private readonly Entities db = new Entities();
public ActionResult Index()
{
return View();
}
public ActionResult Submit(FormCollection formCollection)
{
Password password = new Password();
TryUpdateModel(password, "", formCollection.AllKeys, new[] {
"ID", "AuthorizationLevel" });
if (ModelState.IsValid)
{
var query = db.Password.Find(password.Name);
if (query == null)
{
return Content("<script>alert('当前用户不存在'); history.go(-1);</script>");
}
if (password.SecretCode != query.SecretCode)
{
return Content("<script>window.location.href='/Register/Index'; alert('密码错误'); </script>");
}
else
{
//若Cookie存在
if (Request.Cookies.AllKeys.Contains("UserInfo"))
{
//删除Cookie
Response.Cookies["UserInfo"].Expires = DateTime.Now.AddDays(-1);
//删除数据库信息
string cookieToken = Request.Cookies["UserInfo"].Value;
var CookieInfo = db.CookieInfo.Where(o => o.Token == cookieToken).FirstOrDefault<CookieInfo>();
if (CookieInfo != null)
{
db.Entry<CookieInfo>(CookieInfo).State = System.Data.Entity.EntityState.Deleted;
db.SaveChanges();
}
}
//添加Cookie
string token = Guid.NewGuid().ToString();
HttpCookie httpCookie = new HttpCookie("UserInfo", token)
{
HttpOnly = true,
Expires = DateTime.Now.AddSeconds(20)
};
Response.Cookies.Add(httpCookie);
//添加数据库信息
CookieInfo cookieInfo = new CookieInfo()
{
Name = password.Name.Trim(),
Token = token,
Expire = DateTime.Now.AddSeconds(20)
};
db.Entry<CookieInfo>(cookieInfo).State = System.Data.Entity.EntityState.Added;
db.SaveChanges();
return RedirectToAction("Index", "UserInfo");
}
}
else
{
return new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest);
}
}
protected override void Dispose(bool disposing)
{
if (disposing)
{
db.Dispose();
}
base.Dispose(disposing);
}
}
}
3.AuthorizationFilter
public class AuthorizationFilterAttribute : ActionFilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
//是否存在Cookie-过期则不存在实例
if (!filterContext.HttpContext.Request.Cookies.AllKeys.Contains("UserInfo"))
{
filterContext.Result = new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest);
return;
}
//获取Cookie的token
string token = filterContext.HttpContext.Request.Cookies["UserInfo"].Value;
if (string.IsNullOrWhiteSpace(token))
{
filterContext.Result = new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest);
return;
}
//获取数据库expire时间
using (Entities db = new Entities())
{
var cookieInfo = db.CookieInfo.Find(token);
if (cookieInfo == null)
{
filterContext.Result = new HttpStatusCodeResult(System.Net.HttpStatusCode.Unauthorized);
return;
}
//过期、用户权限等级判断等
if (cookieInfo.Expire.Subtract(DateTime.Now).TotalSeconds < 0)
{
filterContext.Result = new HttpStatusCodeResult(System.Net.HttpStatusCode.Unauthorized);
}
}
}
}
4.身份校验
[AuthorizationFilter]
public ActionResult Edit(string Name)
{
//业务逻辑
}