会话控制操作过滤器 - pageajax 请求

通常,身份验证和授权过程由 .net MVC 中的内置 cookie 和令牌支持执行。但是如果你决定用 Session 自己做,你可以使用以下逻辑来处理页面请求和 ajax 请求。

public class SessionControl : ActionFilterAttribute
{
    public override void OnActionExecuting ( ActionExecutingContext filterContext )
    {
        var session = filterContext.HttpContext.Session;

        /// user is logged in (the "loggedIn" should be set in Login action upon a successful login request)
        if ( session["loggedIn"] != null && (bool)session["loggedIn"] )
            return;

        /// if the request is ajax then we return a json object
        if ( filterContext.HttpContext.Request.IsAjaxRequest() )
        {
            filterContext.Result = new JsonResult
            {
                Data = "UnauthorizedAccess",
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
        /// otherwise we redirect the user to the login page
        else
        {
            var redirectTarget = new RouteValueDictionary { { "Controller", "Login" }, { "Action", "Index" } };
            filterContext.Result = new RedirectToRouteResult(redirectTarget);
        }
    }

    public override void OnResultExecuting ( ResultExecutingContext filterContext )
    {
        base.OnResultExecuting(filterContext);
        
        /// we set a field 'IsAjaxRequest' in ViewBag according to the actual request type
        filterContext.Controller.ViewBag.IsAjaxRequest = filterContext.HttpContext.Request.IsAjaxRequest();
    }
}