在写用户验证特性的时候照搬了一段网上的代码,把自己坑了两小时
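/// <summary>
/// Authorization filter that lets a request through only when the login-token cookie
/// resolves to a member whose code matches the user view held in the current session.
/// Unauthenticated GET requests are redirected to the login page; other HTTP methods
/// receive a script that calls the client-side <c>Poplogin()</c> function.
/// </summary>
public class RequireLoginAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Decides whether the current request is authenticated.
    /// </summary>
    /// <param name="httpContext">Context of the request being authorized.</param>
    /// <returns><c>true</c> when the login check passes; otherwise <c>false</c>.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (CheckUserIsLogin())
        {
            return true;
        }

        // Mark the response as unauthorized; HandleUnauthorizedRequest keys off this value.
        // NOTE(review): a 401 set here stays on the response for the non-GET branch, where
        // other pipeline modules may act on it. Confirm the client-side handling expects that.
        httpContext.Response.StatusCode = 401;
        return false;
    }

    /// <summary>
    /// Replaces the default unauthorized result with a login redirect (GET) or a
    /// login-popup script (any other method).
    /// </summary>
    /// <param name="filterContext">Authorization context of the rejected request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);

        if (filterContext.HttpContext.Response.StatusCode != 401)
        {
            return;
        }

        if (filterContext.HttpContext.Request.HttpMethod.Equals("GET"))
        {
            // Temporary redirect on purpose. The copied code passed permanent: true, which
            // emits a 301; browsers and intermediaries cache a 301, so the protected URL
            // keeps bouncing to the login page even after the user has signed in.
            // An authorization decision must never be cached as a permanent redirect.
            filterContext.Result = new RedirectResult("~/Member/Login");
        }
        else
        {
            filterContext.Result = new JavaScriptResult { Script = "Poplogin()" };
        }
    }

    /// <summary>
    /// Checks the login-token cookie against the member store and the session user.
    /// </summary>
    /// <returns>
    /// <c>true</c> only when the cookie is present, maps to a member, and that member's
    /// code equals the session user's code; <c>false</c> in every other case.
    /// </returns>
    private bool CheckUserIsLogin()
    {
        string logintoken = CookieHelper.GetCookie(CookieKey.LoginToken);
        if (string.IsNullOrEmpty(logintoken)) return false;

        var member = shopMemberBll.GetMemberByToken(logintoken);
        if (member == null) return false;

        // Fail closed when there is no session user (for example after a session timeout)
        // instead of dereferencing null and turning an expired login into a server error.
        // NOTE(review): assumes GetSessionUserView() can return null; confirm against the helper.
        var sessionUser = SessionHelper.GetSessionUserView();
        if (sessionUser == null) return false;

        // The token alone is not enough: it must belong to the user bound to this session.
        if (sessionUser.MemCode != member.memCode) return false;
        return true;
    }
}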