asp.net-mvc asp.net mvc 并检查用户是否已登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5484786/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
asp.net mvc and check for if a user is logged in
提问by anouar
I'm new in asp.net mvc and i need to check if a user is logged in or not in my application so i place the following piece of code in my global.asax
我是 asp.net mvc 的新手,我需要检查用户是否在我的应用程序中登录,所以我将以下代码放在我的 global.asax 中
void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
HttpContext context = application.Context;
string filePath= context.Request.FilePath;
string fileExtention = VirtualPathUtility.GetExtension(filePath);
// to skip request for static content like (.css or .js)
if (fileExtention == "")
{
if (filePath.ToLower() != "/account/login")
{
var user = (Utilisateur)context.Session["USER"];
if (user == null)
context.Response.Redirect(@"~/account/login");
}
}
}
I intercept each incoming request to do the checking I'd like to know if there are other ways to do this kind of work and thanks in advance.
我拦截了每个传入的请求以进行检查我想知道是否还有其他方法可以完成此类工作并提前致谢。
回答by Damb
Do you need to do it this way? You should check, if you can use asp.net authentication, authorization and membership providers. (They are automatically generated when you make new ASP.NET MVC 3 Application [when you leave the 'Internet Application' checked]).
你需要这样做吗?您应该检查是否可以使用 asp.net 身份验证、授权和成员资格提供程序。(当您创建新的 ASP.NET MVC 3 应用程序时[当您选中“Internet 应用程序”时],它们会自动生成)。
You can then use annotation for controllers and actions: (pseudocode):
This allows access to controller only to authorized users (you can even specify which users or which roles are allowed): [Authorize(Roles = "Administrators")]
然后,您可以对控制器和操作使用注释:(伪代码):
这仅允许授权用户访问控制器(您甚至可以指定允许哪些用户或哪些角色):[Authorize(Roles = "Administrators")]
[Authorize]
controller{.....}
And to check if user is logged in, there is already User property with Identity property.
This code checks if user is Authenticated (logged in):
并检查用户是否已登录,已经有带有 Identity 属性的 User 属性。
此代码检查用户是否已通过身份验证(已登录):
controller...() {
...
if (User.Identity.IsAuthenticated) ...
...
}
回答by Hadi Eskandari
Since you mentioned you have your own "module" that works with several databases, I think you should implement this module as a standard ASP.NET / MVC custom membership/authentication provider. You can then use HttpContext.User.Identity.IsAuthenticated and limit the access to your controller's actions (or the whole controller) by decorating it with [Authorize] attribute.
既然您提到您有自己的“模块”,可以与多个数据库一起使用,我认为您应该将此模块实现为标准的 ASP.NET/MVC 自定义成员资格/身份验证提供程序。然后,您可以使用 HttpContext.User.Identity.IsAuthenticated 并通过使用 [Authorize] 属性装饰它来限制对控制器操作(或整个控制器)的访问。
