I am implementing custom authorization in one of my MVC projects. I fully understand the purpose of each of the events listed below, but I have not figured out the order in which they are triggered. I also tried debugging to follow the flow, and observed that only OnAuthorization gets fired.
Here is my understanding:
    OnAuthorization
    {
        // for authentication based on Role.
        AuthorizeCore
        {
        }
        // UnAuthorized request.
        HandleUnauthorizedRequest
        {
        }
    }
Can someone help me understand this?
Answer 0 (score: 1)
If we override the OnAuthorization, AuthorizeCore and HandleUnauthorizedRequest methods in the custom authorization class, then it will call the OnAuthorization method first; then, if we call base.OnAuthorization(filterContext) inside the OnAuthorization method, it will call the AuthorizeCore method, and if that returns false, it will then call the HandleUnauthorizedRequest method.
Code:
    // Called second, by base.OnAuthorization.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return false;
    }

    // Called third, only when AuthorizeCore returned false.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // filterContext.Result = new RedirectResult(Constants.NotifyUrl);
        base.HandleUnauthorizedRequest(filterContext);
    }

    // Called first; base.OnAuthorization drives the two methods above.
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
    }
Answer 1 (score: 0)
You can create a custom attribute by inheriting from AuthorizeAttribute. Then override AuthorizeCore and HandleUnauthorizedRequest and perform your custom authorization logic there. If AuthorizeCore returns false, HandleUnauthorizedRequest is fired.
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Routing;

    public class CustomAuthorizationAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Do custom authorization logic
            // Check for role here too ("Admin" is a placeholder role name)
            bool authenticated = httpContext.User != null
                && httpContext.User.Identity != null
                && httpContext.User.Identity.IsAuthenticated;
            bool hasRole = authenticated && httpContext.User.IsInRole("Admin");

            if (authenticated && hasRole)
                return true;
            else
                return false;
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            bool authenticated = filterContext.HttpContext.User != null
                && filterContext.HttpContext.User.Identity != null
                && filterContext.HttpContext.User.Identity.IsAuthenticated;

            if (authenticated)
            {
                // user was authenticated but lacks proper role
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary
                    {
                        { "action", "AccessDenied" },
                        { "controller", "Account" }
                    });
            }
            else
            {
                // this will just send the user back to the Login method in the Account Controller
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }
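The following is an added example (not code from the question or either answer) that ties the two answers together: a custom AuthorizeAttribute that writes a trace line from each hook so the call order is visible at runtime, checks authentication before role membership, and answers an authenticated-but-unauthorized user with 403 instead of the default 401. The class name TracingAuthorizeAttribute, the role names in the usage attribute and the DemoController are assumptions for the illustration; Roles, AuthorizeCore, HandleUnauthorizedRequest, OnAuthorization and HttpStatusCodeResult are the real System.Web.Mvc members.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example: a custom AuthorizeAttribute that shows the order in which the
// three hooks run (1 -> 2 -> 3 on a denied request, 1 -> 2 on an allowed one).
public class TracingAuthorizeAttribute : AuthorizeAttribute
{
    // 1. The MVC pipeline calls this first for every decorated action.
    //    base.OnAuthorization is what invokes AuthorizeCore and, on failure,
    //    HandleUnauthorizedRequest. It also registers the output-cache
    //    validation callback, so an authorized response is never served from
    //    the output cache to a later caller who would have been denied.
    //    Overriding this without calling base skips both hooks below.
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        Trace.WriteLine("1. OnAuthorization");
        base.OnAuthorization(filterContext);
    }

    // 2. Called by base.OnAuthorization. Return true to allow the request.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        Trace.WriteLine("2. AuthorizeCore");
        var user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false; // never evaluate roles for an anonymous caller

        // Roles is the attribute's own comma-separated property,
        // e.g. [TracingAuthorize(Roles = "Admin,Auditor")].
        if (string.IsNullOrWhiteSpace(Roles))
            return true; // being authenticated is enough when no role is required

        var required = Roles.Split(',')
                            .Select(r => r.Trim())
                            .Where(r => r.Length > 0);
        return required.Any(user.IsInRole);
    }

    // 3. Called by base.OnAuthorization only when AuthorizeCore returned false.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        Trace.WriteLine("3. HandleUnauthorizedRequest");
        var user = filterContext.HttpContext.User;
        bool authenticated = user != null && user.Identity != null && user.Identity.IsAuthenticated;

        if (authenticated)
        {
            // Logged in but missing the role: 403 is the right answer. The default
            // 401 would make forms authentication bounce an already logged-in user
            // back to the login page, producing a redirect loop.
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
        }
        else
        {
            // Not logged in: keep the default 401, which forms authentication
            // turns into a redirect to the login page.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Assumed usage: the attribute on a controller action.
public class DemoController : Controller
{
    [TracingAuthorize(Roles = "Admin,Auditor")]
    public ActionResult AuditLog()
    {
        return Content("audit log");
    }
}
```

With this in place the trace output shows "1. OnAuthorization" followed by "2. AuthorizeCore" for an allowed request, and all three lines for a denied one. If a debugging session shows only the first line, as in the question, the usual cause is an OnAuthorization override that does not call base.OnAuthorization, because the base implementation is the only thing that invokes the other two hooks.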