asp.net-mvc 如何检查用户是否在 Action 中获得授权
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2204766/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to check if user is authorized inside Action
提问by elwyn
Usually I protect my Actions with [Authorize]but this time I need to check if a user is authorized inside the action.
通常我保护我的操作,[Authorize]但这次我需要检查用户是否在操作中获得授权。
Eg
例如
if(userIsAuthorized) {
//do stuff
}
else {
//return to login page
}
I believeI am using 'Forms Authentication'
我相信我正在使用“表单身份验证”
This question is kind of similar to thisbut none of the answers given seemed to work.
这个问题与此类似,但给出的答案似乎都不起作用。
EDIT: I have done some more digging- it seems if I breakpoint on an Action that has [Authorize], the User.Identity is set, but on Actions without it, the User.Identity is empty, even if I am logged in
编辑:我已经做了一些更多的挖掘 - 似乎如果我在具有 的 Action 上[Authorize]设置断点,User.Identity 已设置,但在没有它的 Actions 上,User.Identity 为空,即使我已登录
回答by Aaronaught
If you just want to know if the user is logged in:
如果您只想知道用户是否登录:
if (User.Identity.IsAuthenticated) { ... }
If you are trying to do anything role-specific:
如果您尝试执行特定于角色的任何操作:
if (User.IsInRole("Administrators")) { ... }
The Userinstance is a public property of the Controllerclass, so you always have access to it from a Controller you write. If no user is logged in you should have a GenericPrincipalfor the Userand a GenericIdentityfor the User.Identity, so don't worry about checking for nulls.
该User实例是一个公共财产Controller类,所以你总是有从你写一个控制器访问它。如果没有用户登录,您应该有一个GenericPrincipalfor theUser和 a GenericIdentityfor the User.Identity,所以不要担心检查空值。
回答by Esteban Araya
Request.IsAuthenticatedshould work for what you're trying to do.
Request.IsAuthenticated应该为您正在尝试做的事情工作。
回答by John Farrell
I suggest first figuring out what kind of Authorization your using. ;)
我建议首先弄清楚您使用的是哪种授权。;)
The answer you posted is correct. From what I remember poking around the [Authorize] attribute and related ActionFilter code MVC internally calls Page.User.Identity.IsAuthenticated just like those code examples.
您发布的答案是正确的。从我记得的 [Authorize] 属性和相关的 ActionFilter 代码 MVC 内部调用 Page.User.Identity.IsAuthenticated 就像那些代码示例一样。
回答by messed-up
Create an attribute like this: OnActionExecuting will get executed first before other code from the action
创建一个这样的属性: OnActionExecuting 将在动作的其他代码之前首先执行
public class IsAuthenticatedAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
//do your validations here. and redirect to somewhere if needed.
filterContext.HttpContext.Response.Redirect("/") //this will send user to home.
}
}
on each action where you need to check, add attribute like this:
在您需要检查的每个操作上,添加如下属性:
[IsAuthenticatedAttribute]
public ActionResult ActionName(parameters?)
{
// no need to worry about checking here.
//do you action things
}
EDIT:This one still completes the action and then only redirect it. Not so much useful.
编辑:这个仍然完成动作,然后只重定向它。没那么有用。
