我正在尝试在 ASP.NET MVC 中创建两种类型的用户（管理员和普通用户）：管理员可以查看所有页面，而用户只能查看为其定义的页面。我认为已经有了这两种用户类型，但是当我以 admin 登录并访问本应能看到的页面时，它对用户没有任何作用。
users.cs类
/// <summary>
/// NHibernate-mapped row of the users table. Members are virtual so the
/// mapper can proxy the entity.
/// </summary>
public class users
{
    /// <summary>Primary key of the row.</summary>
    public virtual int id_user { get; set; }

    /// <summary>Login name posted by the login form.</summary>
    public virtual string user_name { get; set; }

    /// <summary>Employee reference copied into session state after login.</summary>
    public virtual string employee { get; set; }

    /// <summary>Role label for the account (e.g. the values the Roles filters expect).</summary>
    public virtual string user_level { get; set; }

    /// <summary>Stored credential; the login action compares it directly against the posted value.</summary>
    public virtual string password { get; set; }
}
授权类
/// <summary>
/// Authorization filter that delegates the Users/Roles evaluation to
/// <see cref="AuthorizeAttribute"/> (which inspects <c>HttpContext.User</c>)
/// and, when a signed-in caller is denied, renders <see cref="View"/> instead
/// of the framework's default unauthorized result. Anonymous callers keep the
/// base class's result.
/// </summary>
public class AuthLogAttribute : AuthorizeAttribute
{
    /// <summary>Defaults the failure view to <c>AuthorizeFailed</c>.</summary>
    public AuthLogAttribute()
    {
        View = "AuthorizeFailed";
    }

    /// <summary>Name of the view rendered for an authenticated but unauthorized caller.</summary>
    public string View { get; set; }

    /// <summary>
    /// Runs the base authorization check and then substitutes the failure view
    /// for a denied, authenticated caller.
    /// </summary>
    /// <param name="filterContext">Context of the action being authorized.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
        ReplaceDenialWithView(filterContext);
    }

    /// <summary>
    /// A null Result after the base call means the caller was authorized. A
    /// non-null Result combined with an authenticated identity is the
    /// "signed in but wrong role" case handled here; anonymous denials are
    /// left to the base result.
    /// </summary>
    /// <param name="filterContext">Context already processed by the base class.</param>
    private void ReplaceDenialWithView(AuthorizationContext filterContext)
    {
        bool denied = filterContext.Result != null;
        bool signedIn = filterContext.HttpContext.User.Identity.IsAuthenticated;
        if (!(denied && signedIn))
        {
            return;
        }

        var viewData = new ViewDataDictionary
        {
            { "Message", "Sorry you are not Authorized to Perform this Action" }
        };
        filterContext.Result = new ViewResult
        {
            ViewName = View,
            ViewData = viewData
        };
    }
}
HomeController
/// <summary>Renders the default landing view; no authorization filter applies.</summary>
/// <returns>The Index view.</returns>
public ActionResult Index()
{
    ActionResult landing = View();
    return landing;
}
/// <summary>
/// Application description page. The filter admits only principals the base
/// AuthorizeAttribute places in the "ADMIN" role; note the role string here is
/// upper-case while the Contact action uses "user", so the values reported by
/// the principal have to match these exact strings.
/// </summary>
/// <returns>The About view with a description message.</returns>
[AuthLog(Roles = "ADMIN")]
public ActionResult About()
{
    string description = "Your application description page.";
    ViewBag.Message = description;
    return View();
}
/// <summary>
/// Contact page, restricted by the filter to principals in the "user" role
/// (lower-case, unlike the "ADMIN" role on About).
/// </summary>
/// <returns>The Contact view with a contact message.</returns>
[AuthLog(Roles = "user")]
public ActionResult Contact()
{
    string contactText = "Your contact page.";
    ViewBag.Message = contactText;
    return View();
}
/// <summary>Shows the empty login form (GET).</summary>
/// <returns>The Login view.</returns>
public ActionResult Login()
{
    ActionResult form = View();
    return form;
}
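/// <summary>
/// Validates the posted credentials against the users table and, on success,
/// records the account in session state and issues the authentication ticket
/// that the <see cref="AuthLogAttribute"/>-protected actions depend on.
/// </summary>
/// <param name="u">Posted form values; only <c>user_name</c> and <c>password</c> are read.</param>
/// <returns>
/// Redirect to <c>AfterLogin</c> when a matching row exists; otherwise the
/// login view re-rendered with a generic model-level error.
/// </returns>
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(users u)
{
    if (ModelState.IsValid)
    {
        using (ISession session = NhibernateSession.OpenSession())
        {
            // SECURITY: the stored password column is compared as-is, so the table
            // holds plaintext credentials. Store a salted hash (e.g. PBKDF2 via
            // Rfc2898DeriveBytes) and verify the hash here instead of matching the
            // raw column; the query itself is parameterized by NHibernate.
            var account = session.Query<users>()
                .Where(a => a.user_name.Equals(u.user_name) && a.password.Equals(u.password))
                .FirstOrDefault();

            if (account != null)
            {
                // Session entries alone never make HttpContext.User authenticated, so
                // AuthorizeAttribute (and therefore [AuthLog]) rejects every request.
                // Issue a forms-authentication ticket (requires
                // <authentication mode="Forms"> in web.config). The Roles check still
                // needs the principal to report roles, e.g. via a RoleProvider or a
                // custom principal built from user_level — that wiring is outside this file.
                System.Web.Security.FormsAuthentication.SetAuthCookie(account.user_name, false);

                Session["id_user"] = account.id_user.ToString();
                // employee is already a string; assigning it directly avoids the
                // NullReferenceException that .ToString() threw for a NULL column.
                Session["employee"] = account.employee;
                // Kept in session so later code can see the account's role label.
                Session["user_level"] = account.user_level;
                return RedirectToAction("AfterLogin");
            }
        }

        // Deliberately generic so the response does not reveal whether the user name exists;
        // the view's ValidationSummary(true) displays model-level errors.
        ModelState.AddModelError("", "Invalid user name or password.");
    }
    return View(u);
}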
/// <summary>
/// Post-login landing page. Only the presence of the "id_user" session entry
/// written by the POST Login action is checked; anonymous visitors are sent
/// back to Index.
/// </summary>
/// <returns>The AfterLogin view, or a redirect to Index.</returns>
public ActionResult AfterLogin()
{
    bool hasSession = Session["id_user"] != null;
    if (!hasSession)
    {
        return RedirectToAction("Index");
    }
    return View();
}
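/// <summary>
/// Ends the server-side session and revokes any forms-authentication ticket,
/// then returns to the login page.
/// </summary>
/// <returns>Redirect to Home/Login.</returns>
public ActionResult LogOut()
{
    Session.Clear();
    Session.Abandon();
    // Abandoning the session does not clear a forms-authentication cookie; if a
    // ticket was issued at login, the browser would otherwise remain
    // authenticated for AuthorizeAttribute-based filters. A no-op when no ticket exists.
    System.Web.Security.FormsAuthentication.SignOut();
    return RedirectToAction("Login", "Home");
}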
登录页面
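@model LOGINAPP.Models.users
@{
    ViewBag.Title = "Login";
    Layout = null;
}
@* Login form bound to the users model; posts to Home/Login, which is
   protected by [ValidateAntiForgeryToken] and so requires the token below. *@
<h2>Login</h2>
@using (Html.BeginForm("Login", "Home", FormMethod.Post))
{
    @* Hidden anti-forgery field paired with the POST action's [ValidateAntiForgeryToken]. *@
    @Html.AntiForgeryToken()
    @* true = model-level errors only; property errors are shown next to each field. *@
    @Html.ValidationSummary(true)

    @* Inside a code block the C# expression needs no leading '@'. *@
    if (ViewBag.Message != null)
    {
        <div style="border: 1px solid red">
            @ViewBag.Message
        </div>
    }
    <table>
        <tr>
            <td>@Html.LabelFor(a => a.user_name)</td>
            <td>@Html.TextBoxFor(a => a.user_name)</td>
            <td>@Html.ValidationMessageFor(a => a.user_name)</td>
        </tr>
        <tr>
            <td>
                @Html.LabelFor(a => a.password)
            </td>
            <td>
                @* PasswordFor never echoes the posted value back into the markup. *@
                @Html.PasswordFor(a => a.password)
            </td>
            <td>
                @Html.ValidationMessageFor(a => a.password)
            </td>
        </tr>
        <tr>
            <td></td>
            <td>
                <input type="submit" value="Login" />
            </td>
            <td></td>
        </tr>
    </table>
}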