public class Verify : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { var user = filterContext.HttpContext.Session["CurrentUser"]; if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)) //判断是否Action判断是否跳过授权过滤器 { return; } else if (filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)) //判断是否Controller判断是否跳过授权过滤器 { return; } else if (user == null || string.IsNullOrWhiteSpace(user.ToString())) //判断用户是否登录 { filterContext.Result = new RedirectResult("../Login/Login"); } else { return; } } }

 
全局授权验证
public class FilterConfig { public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new HandleErrorAttribute()); filters.Add(new Verify()); } }

 控制器授权验证
 [Verify] public class LoginController : Controller { }

 public class LoginController : Controller {
　　　　　方法授权验证 [Verify] public ActionResult UserInfo(Models.UserInfo userInfo) { } }

public class LoginController : Controller { /// <summary> /// 登录 /// </summary> /// <param name="userInfo"></param> /// <returns></returns> [HttpPost] [AllowAnonymous]//方法忽略验证 public ActionResult Login(Models.UserInfo userInfo) { } }