问题
I have this authentication check in my global.asax file in the Session_OnStart() call:
if (Session["Authenticated"] == null)
{
Response.Redirect("~/Login.aspx");
}
This kind of session authentication is tightly coupled in all our web apps so I have to use it this way. This global.asax sits in an older Webforms project, which my MVC project is sitting in. So for this reason I believe its letting me access my controller action e.g http://localhost/controller/action directly without my session authentication being populated, i.e its not redirecting. I have added this bit of code to EACH controller action to get around this, but is there a way to set this somewhere globally (not in the global.asax) so that I only have to call it once for all controller actions? Thanks.
回答1:
You should create a basecontroller that all your controllers inherit from. then you simply have the logic in one place. i.e.:
public abstract class BaseController : ControllerBase
you could then use the initialize method in the new BaseContoller to do the common logic. i.e.
[edit] - changed to OnActionExecuting, rather than Initialize. This isn't the most elegant of places to do it as we're on the cusp of the view being called. however, it's a starting point.
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
// you should be able to get session stuff here!!
base.OnActionExecuting(filterContext);
}
and in each controller:
public class AnotherNormalController : BaseController
来源:https://stackoverflow.com/questions/3263936/calling-the-session-before-any-controller-action-is-run-in-mvc