绍兴网站建设制作,万网域名注册查询网,网络维护人员招聘,wordpress下载破解版筛选器类型
授权筛选器
授权过滤器是过滤器管道的第一个被执行的过滤器#xff0c;用于系统授权。一般不会编写自定义的授权过滤器#xff0c;而是配置授权策略或编写自定义授权策略。简单举个例子。
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCo…筛选器类型
授权筛选器
授权过滤器是过滤器管道的第一个被执行的过滤器用于系统授权。一般不会编写自定义的授权过滤器而是配置授权策略或编写自定义授权策略。简单举个例子。
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;namespace FilterStudy01.Filter
{/// summary/// 授权过滤器/// builder.Services.AddMvc(options {options.Filters.Add(new WjAuthorizationlFilter());});/// [TypeFilter(typeof(WjAuthorizationlFilter))]可以加在类或者控制器上/// 不登陆的情况下访问/Admin/Index/// /summarypublic class WjAuthorizationlFilter : IAuthorizationFilter{public void OnAuthorization(AuthorizationFilterContext context){// 需要排除具有AllowAnymons 这个标签的控制器// 过滤掉带有AllowAnonymousFilterif (HasAllowAnonymous(context)){return;}// 获取当前用户的信息var user context.HttpContext.User;// 自定义的授权检查逻辑if (user null || user?.Identity?.IsAuthenticated ! true){// 如果检查不通过设置 Result 属性为一个 IActionResult 对象可以阻止请求进一步被处理context.Result new ForbidResult();}}// 判断是否含有IAllowAnonymousprivate bool HasAllowAnonymous(AuthorizationFilterContext context){if (context.Filters.Any(filter filter is IAllowAnonymousFilter)){return true;}// 终节点里面包含了路由方法的所有元素信息特性等信息var endpoint context.HttpContext.GetEndpoint();return endpoint?.Metadata.GetMetadataIAllowAnonymous() ! null;}}
}https://zhuanlan.zhihu.com/p/677748480 https://blog.csdn.net/qq_41942413/article/details/135163599 https://learn.microsoft.com/zh-cn/aspnet/core/security/authorization/simple?viewaspnetcore-9.0
IP过滤器不过这个可以放到Action过滤器中看需求如果全部限制可以放授权筛选器也可以简单的做个ip黑名单和白名单
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;namespace FilterStudy01.Filter
{/// summary/// 实现ip过滤器/// /summarypublic class WjlIpAuthorizationFilter : IAuthorizationFilter{public void OnAuthorization(AuthorizationFilterContext context){var allowIps new Liststring(){127.0.0.1};var requestIp context?.HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? ;if (!allowIps.Contains(requestIp)){var result new{Success false,Msg 非法请求};if (context ! null){context.Result new JsonResult(result);}}}}
}
资源筛选器
资源过滤器在授权过滤器执行后执行该过滤器包含“之前”和“之后”两个行为包裹了模型绑定、操作过滤器、Action执行、异常过滤器、结果过滤器以及结果执行。 缓存结果提高网站的响应速度缓存后就可以直接从内存中直接取数据而无需在执行方法。
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;namespace FilterStudy01.Filter
{/// summary/// 资源过滤器实现缓存/// IAsyncResourceFilter/// 如果继承Attribute 使用方式如下[WjlResouerceFilter]/// 如何不继承 builder.Services.AddMvc(options {options.Filters.Add(new WjlResouerceFilter());});/// /summarypublic class WjlResouerceFilterAttribute : Attribute, IResourceFilter{private static readonly Dictionarystring, IActionResult? dic new Dictionarystring, IActionResult?();/// summary/// 方法执行之后/// /summary/// param namecontext/parampublic void OnResourceExecuted(ResourceExecutedContext context){var path context.HttpContext.Request.Path;dic[path] context?.Result;}/// summary/// 方法执行之前/// /summary/// param namecontext/parampublic void OnResourceExecuting(ResourceExecutingContext context){var path context.HttpContext.Request.Path;if (dic.ContainsKey(path)){context.Result dic[path];}}}
}
操作筛选器
操作过滤器在模型绑定后执行该过滤器同样包含“之前”和“之后”两个行为包裹了Action的执行不包含Controller的创建。如果Action执行过程中或后续操作过滤器中抛出异常首先捕获到异常的是操作过滤器的OnActionExecuted而不是异常过滤器。 案例接口访问日志记录完整的日志记录方便跟踪分析问题以及攻击
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using System.Diagnostics;
using System.Dynamic;
using System.Text;
using System.Text.Json;namespace FilterStudy01.Filter
{/// summary/// 操作过滤器/// builder.Services.AddMvc(options {options.Filters.Add(new WjlAsyncActionFilter());});/// /summarypublic class WjlAsyncActionFilter : IAsyncActionFilter{/// summary/// 记录请求日志方便跟踪以及预警/// 需要开启Buffer/// app.Use(next new RequestDelegate(async context {context.Request.EnableBuffering();await next(context);}));/// /summary/// param namecontext/param/// param namenext/param/// returns/returnspublic async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next){dynamic model new ExpandoObject();var httpContext context.HttpContext;var name context.ActionDescriptor.DisplayName;var actionName context.ActionDescriptor.RouteValues[action] ?? ; //action名字var controllerName context.ActionDescriptor.RouteValues[controller] ?? ; //controller名字var queryStrings httpContext.Request.QueryString; //GET请求的后缀var fromString new StringBuilder();if (httpContext.Request.HasFormContentType){var forms httpContext.Request?.Form; //Form表单请求if (forms ! null){foreach (var item in forms){fromString.Append(${item.Key}{item.Value});}}}var ipAddress httpContext?.Connection?.RemoteIpAddress?.ToString();string body ;StringValues authHeader ;if (httpContext ! null httpContext.Request ! null){if (httpContext.Request.Body ! null){httpContext.Request.Body.Position 0;//读取请求体var sr new System.IO.StreamReader(httpContext.Request.Body);body await sr.ReadToEndAsync(); //请求体内容httpContext.Request.Body.Position 0;}httpContext.Request.Headers.TryGetValue(Authorization, out authHeader);}//赋值model.Headers authHeader;model.RequestBody body;model.IPAddress ipAddress;model.Result ;model.FormString fromString.ToString();model.QueryString queryStrings;model.Action actionName;model.ActionClassName name;model.Controller controllerName;var stopWatch Stopwatch.StartNew();stopWatch.Reset();await next();stopWatch.Stop();var customerTime Math.Round(stopWatch?.Elapsed.TotalMilliseconds ?? 0, 2);//ObjectResult、JsonResult、ViewResult、LocalRedirectResult//RedirectResult、RedirectToActionResult、BadRequestResult、BadRequestObjectResult//OkResult OkObjectResult NoContentResult NotFoundResult ForbiddenResult//ChallengeResult StatusCodeResult ObjectResult FileResult(FileContentResult、FilePathResult、FileStreamResult、VirtualFileResult)//ContentResult EmptyResult ActionResult(基类不能直接用)//上面是全部的类型按照需要自己处理var fileresult context.Result as FileResult;if (fileresult null){var result context.Result as ObjectResult;var resValue result?.Value;if (result ! null resValue ! null){model.Result JsonSerializer.Serialize(resValue);}}else{model.Result 文件下载;}Console.WriteLine(JsonSerializer.Serialize(model));}}
}
异常筛选器
监听全局异常并统一格式返回 using FilterStudy01.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Text;namespace FilterStudy01.Filter
{/// summary/// 使用/// builder.Services.AddMvc(options {options.Filters.Add(new WjlExceptionFilter());});/// 并不是所有的异常都捕获,比如mvc中razor页面报错不能捕获/// 可以捕获Controller创建时也就是只捕获构造函数中抛出的异常、模型绑定、Action Filter和Action中抛出的未处理异常/// 其他异常不会捕获可以使用中间件/// /summarypublic class WjlExceptionFilter : IAsyncExceptionFilter{/// summary/// 获取异常的详细信息/// /summary/// param nameex/param/// returns/returnsprivate string GetExceptionDetails(Exception ex){if (ex null){return string.Empty;}StringBuilder sb new StringBuilder();sb.Append(异常消息: );sb.Append(ex.Message);sb.Append(\n);sb.Append(堆栈跟踪: );sb.Append(ex.StackTrace);// 递归获取内部异常的详细信息 if (ex.InnerException ! null){sb.Append(GetExceptionDetails(ex.InnerException));}return sb.ToString();}/// summary/// 出现异常时触发/// /summary/// param namecontext/param/// returns/returnspublic async Task OnExceptionAsync(ExceptionContext context){// 如果异常没有被处理则进行处理if (context.ExceptionHandled false){var httpContext context.HttpContext;//action名字var actionName context.ActionDescriptor.RouteValues[action] ?? ;//controller名字var controllerName context.ActionDescriptor.RouteValues[controller] ?? ;var path httpContext.Request.Path;//这里要替换成日志Console.WriteLine(GetExceptionDetails(context.Exception));CommonResult commonResult new CommonResult();commonResult.ResultNo 1;commonResult.ResultData server error;context.Result new JsonResult(commonResult);}// 设置为true表示异常已经被处理了context.ExceptionHandled true;}}
}using FilterStudy01.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Text;namespace FilterStudy01.Filter
{/// summary/// 局部使用/// [WjlExceptionFilter]/// /summarypublic class WjlExceptionFilterAttribute : ExceptionFilterAttribute{/// summary/// 获取异常的详细信息/// /summary/// param nameex/param/// returns/returnsprivate string GetExceptionDetails(Exception ex){if (ex null){return string.Empty;}StringBuilder sb new StringBuilder();sb.Append(异常消息: );sb.Append(ex.Message);sb.Append(\n);sb.Append(堆栈跟踪: );sb.Append(ex.StackTrace);// 递归获取内部异常的详细信息 if (ex.InnerException ! null){sb.Append(GetExceptionDetails(ex.InnerException));}return sb.ToString();}public override async Task OnExceptionAsync(ExceptionContext context){// 如果异常没有被处理则进行处理if (context.ExceptionHandled false){var httpContext context.HttpContext;//action名字var actionName context.ActionDescriptor.RouteValues[action] ?? ;//controller名字var controllerName context.ActionDescriptor.RouteValues[controller] ?? ;var path httpContext.Request.Path;//这里要替换成日志Console.WriteLine(GetExceptionDetails(context.Exception));CommonResult commonResult new CommonResult();commonResult.ResultNo 1;commonResult.ResultData 服务器开小差了;context.Result new JsonResult(commonResult);}// 设置为true表示异常已经被处理了context.ExceptionHandled true;}}
}
结果筛选器
对返回的结果封装统一结果返回
using FilterStudy01.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;namespace FilterStudy01.Filter
{/// summary/// 全局使用/// /summarypublic class WjlResultFilter : IResultFilter{/*使用builder.Services.AddMvc(options {options.Filters.Add(new WjlResultFilter());});*/public void OnResultExecuted(ResultExecutedContext context){}public void OnResultExecuting(ResultExecutingContext context){//ObjectResult、JsonResult、ViewResult、LocalRedirectResult//RedirectResult、RedirectToActionResult、BadRequestResult、BadRequestObjectResult//OkResult OkObjectResult NoContentResult NotFoundResult ForbiddenResult//ChallengeResult StatusCodeResult ObjectResult FileResult(FileContentResult、FilePathResult、FileStreamResult、VirtualFileResult)//ContentResult EmptyResult ActionResult(基类不能直接用)var jsonResult context.Result as JsonResult;if (jsonResult ! null jsonResult.Value ! null){//1、只能拦截JsonResultCommonResult commonResult new CommonResult();commonResult.ResultNo 0;commonResult.ResultData jsonResult.Value;jsonResult.Value commonResult;}}}
}using FilterStudy01.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;namespace FilterStudy01.Filter
{/// summary/// 局部使用/// /summarypublic class WjlResultFilterAttribute : ResultFilterAttribute{public override void OnResultExecuting(ResultExecutingContext context){var jsonResult context.Result as JsonResult;if (jsonResult ! null jsonResult.Value ! null){//1、只能拦截JsonResultCommonResult commonResult new CommonResult();commonResult.ResultNo 0;commonResult.ResultData jsonResult.Value;jsonResult.Value commonResult;}}}
} 筛选器接口的同步和异步版本任意实现一个而不是同时实现 。 运行时会先查看筛选器是否实现了异步接口如果是则调用该接口。 如果不是则调用同步接口的方法。 如果在一个类中同时实现异步和同步接口则仅调用异步方法。 使用抽象类如 ActionFilterAttribute时将为每种筛选器类型仅重写同步方法或仅重写异步方法。 大佬总结的图示
参考
授权过滤器 https://learn.microsoft.com/zh-cn/aspnet/core/mvc/controllers/filters?viewaspnetcore-8.0 https://blog.csdn.net/sD7O95O/article/details/119223675 Razor页面筛选器 异常过滤器理解 错误处理 过滤器应用
