asp.net-mvc Custom Authorize Attribute

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me). Original StackOverflow address: http://stackoverflow.com/questions/5070339/

Time: 2020-09-08 00:55:14  Source: igfitidea

Custom Authorize Attribute

asp.net-mvc asp.net-mvc-3 asp.net-membership

Asked by Kassem

I'm building my own membership system and I want nothing to do with the MS Membership provider. I've looked around the internet and here on StackOverflow but all I could find was membership providers built on top of the MS Membership provider.

Anyway, I've got almost everything hooked up now, but I'd like to use a custom Authorize attribute which utilized my membership infrastructure. I checked out this thread here on the site and I'm trying to do something similar, but I'm not sure that's quite what I need. So far these are the classes I've got:

SessionManager:

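// A static class cannot implement an interface in C# (compiler error CS0714),
// so the class is declared without ": ISessionManager".
public static class SessionManager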
{
    public static void RegisterSession(string key, object obj)
    {
        System.Web.HttpContext.Current.Session[key] = obj;
    }

    public static void FreeSession(string key)
    {
        System.Web.HttpContext.Current.Session[key] = null;
    }


    public static bool CheckSession(string key)
    {
        if (System.Web.HttpContext.Current.Session[key] != null)
            return true;
        else
            return false;
    }


    public static object ReturnSessionObject(string key)
    {
        if (CheckSession(key))
            return System.Web.HttpContext.Current.Session[key];
        else
            return null;
    }
}

SharweAuthorizeAttribute: (I am not really sure if that's actually what I should be doing)

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == true)
            return true;
        else 
            return false;
    }
}

Now here's what I need:

  1. Is my SharweAuthorizeAttribute class correct in the first place?
  2. I need to be able to redirect unauthenticated users to the login page
  3. I need to authorize users based on their roles (using my own role provider) so I would do something like:

    [SharweAuthorize(Roles="MyRole")]
    

That's it I guess... Any suggestions are more than welcome :)

UPDATE: Ok I just read that page again and found the solution to question number two:

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == false)
    {
        filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary 
                        {
                            { "action", "ActionName" },
                            { "controller", "ControllerName" }
                        });
    }
    else
        base.HandleUnauthorizedRequest(filterContext);
}

Let me know if I got it right please...

Accepted answer by Eduardo Molteni

Yes, you got it right (IMO it's safer and simpler to implement a custom membership provider, but it's your choice)

  1. Yes, it's correct
  2. You do it right
  3. You inherit the roles property from the AuthorizeAttribute base class and you check in your implementation if the user is in the role.

Edit: a little more on the roles thing

if you have

[SharweAuthorize(Roles="MyRole")]

then you can check the Roles property in the AuthorizeCore method

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == true) {
        if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
           return true;
    }
    return false;
}
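
One way to combine the role check and the login redirect discussed above. This is an added example, not code from the question or the answer. The `SessionUser` type, the `"User"` session key and the `Account`/`Login` route are assumptions.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical shape of the object stored in the session at login (assumption).
public class SessionUser
{
    public ISet<string> Roles { get; set; }
}

public class RoleAwareAuthorizeAttribute : AuthorizeAttribute
{
    private const string UserKey = "User"; // assumed session key

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Read from the context passed in; Session can be null on some requests.
        var session = httpContext.Session;
        var user = session == null ? null : session[UserKey] as SessionUser;
        if (user == null) return false; // not logged in: deny by default

        // Roles is the raw comma-separated string from [Attr(Roles = "A, B")].
        var required = (Roles ?? "").Split(',')
            .Select(r => r.Trim()).Where(r => r.Length > 0).ToArray();
        if (required.Length == 0) return true; // no roles listed: any logged-in user

        // Same "any one of the listed roles" rule as the base AuthorizeAttribute.
        return user.Roles != null && required.Any(r => user.Roles.Contains(r));
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var session = filterContext.HttpContext.Session;
        if (session != null && session[UserKey] is SessionUser)
        {
            // Logged in but missing the role: answer 403 instead of bouncing to login.
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }
        // Not logged in: send the user to the login action (assumed route values).
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" }, { "action", "Login" }
        });
    }
}
```

Whether role names match case-sensitively depends on the comparer used to build `SessionUser.Roles`; choose it deliberately when the set is created at login.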