我有使用 Visual Studio 2012 为 MVC 4 编写的代码......我正在尝试实现基于角色的授权,但似乎 [Authorize] 由于某种原因无法正常工作......而且我仍然可以通过 url 获取页面,甚至它的控制器动作是用 [Authorize] 属性初始化的......第二个我什至可以尝试通过将以下代码放入全局中来查看整个应用程序
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new System.Web.Mvc.AuthorizeAttribute());
filters.Add(new HandleErrorAttribute());
}
我的路由默认设置为登录页面,因为没有未经授权的人可以访问应用程序
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Account", action = "Login", id = UrlParameter.Optional }
);
}
我试图通过直接从 url 获取 aa() 视图来进行测试
[Authorize]
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[Authorize]
public ActionResult aa()
{
return View();
}
登录代码
[Authorize]
[InitializeSimpleMembership]
public class AccountController : Controller
{
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}
[HttpPost]
public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid && WebSecurity.Login(model._UserName, model._Password, persistCookie: false))
{
return RedirectToAction("Index", "Home");
}
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
和 web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>