You probably want to have a custom authorization filter. Here's an example: Custom filters in MVC. You can then apply this filter globally on app start (using RegisterGlobalFilters).

您可能想要一个自定义授权过滤器。这是一个示例：MVC 中的自定义过滤器。然后，您可以在应用程序启动时全局应用此过滤器（使用RegisterGlobalFilters）。

public class LegacyAuthorize : AuthorizeAttribute
{
  public override void OnAuthorization(HttpActionContext actionContext)
  {
    if (HttpContext.Current.Session["User"] == null)
      base.HandleUnauthorizedRequest(actionContext);
  }
}

Then in your global.asaxyou'd have something like this:

然后在你的global.asax你会有这样的事情：

GlobalFilters.Filters.Add(new LegacyAuthorize());

Everything you could do in forms you can do in MVC, just set the session variable in the controller login action.

您可以在 MVC 中执行的表单中执行的所有操作，只需在控制器登录操作中设置会话变量即可。

Or you can do this: In the login action add formsauthentication.setauthcookie("username")

或者您可以这样做：在登录操作中添加 formsauthentication.setauthcookie("username")

After this any action with the [Authorize] keyword will allow the current user in.

在此之后，任何带有 [Authorize] 关键字的操作都将允许当前用户进入。

You can try with something like this:

你可以尝试这样的事情：

FormsAuthentication.SetAuthCookie(username, rememberMe);

to set the cookie for authenticated user, then just use the [Authorize]attribute on the Controller or Action that need authentication.

为经过身份验证的用户设置 cookie，然后只需使用[Authorize]需要身份验证的控制器或操作上的属性。

Try googling on the subject for further info, you will find a lot of stuff on authentication and authorization in MVC.

尝试在该主题上搜索更多信息，您会在 MVC 中找到很多关于身份验证和授权的内容。

You can use Forms Authenticationin conjuction with Authorizeattibute as follows,

您可以Forms Authentication与Authorizeattibute结合使用，如下所示，

To restrict access to a view :

要限制对视图的访问：

Add the AuthorizeAttribute attribute to the action method declaration, as shown below,

将 AuthorizeAttribute 属性添加到操作方法声明中，如下所示，

[Authorize]
public ActionResult Index()
{
    return View();
}

Configuring Forms Authentication in web.config

在 web.config 中配置表单身份验证

<authentication mode="Forms">
     <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

Login Post Action: Set Authentication cookie if user is valid

登录后操作：如果用户有效，则设置身份验证 cookie

[HttpPost]
public ActionResult Login(User model, string returnUrl)
{
        //Validation code

        if (userValid)
        {
             FormsAuthentication.SetAuthCookie(username, false);
        }
}

Log off Action:

注销操作：

public ActionResult LogOff()
{
    FormsAuthentication.SignOut();
    return RedirectToAction("Index", "Home");
}

You can do the Session Authentication by simply putting a session variable value when the login is successful. Eg

您可以通过在登录成功时简单地放置会话变量值来进行会话身份验证。例如

public ActionResult Index(Models.Login login)
    {
        if (ModelState.IsValid)
        {
            Dal.Login dLogin = new Dal.Login();
            string result = dLogin.LoginUser(login);
            if (result == "Success")
                Session["AuthState"] = "Authenticated";
        }
        return View();
    }

Now the trick is that you should have a common layout page of all the views to which you have to check for authentication. And in this layout page just do a razor check like this -

现在的诀窍是，您应该拥有一个包含所有必须检查身份验证的视图的公共布局页面。在这个布局页面中，像这样做一个剃刀检查 -

<body>
    @if (Session["AuthState"] != "Authenticated")
    {
        Response.Redirect("~/login");
    }
    // other html
</body>

I have been using this method in my application admin panel.

我一直在我的应用程序管理面板中使用这种方法。