我已经实现了自定义方法,可以像这样使用smth为视图提供用户信息:
protected override void OnAuthorization(AuthorizationContext filterContext)
{
if (HttpContext.User != null)
{
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
JavaScriptSerializer serializer = new JavaScriptSerializer();
AWESOMEUser user = serializer.Deserialize<AWESOMEUser>(authTicket.UserData);
if (user == null)
{
HttpContext.User = null;
}
else
{
HttpContext.User = new PlatformUser(typeof(DBMembershipProvider).Name, user);
}
}
else
{
HttpContext.User = null;
}
}
base.OnAuthorization(filterContext);
}
问题是当在DB中更改用户信息(尤其是权限)时,它不会反映在视图中。我应该在每次调用时更新它,这里有更聪明的方法,即有助于自动更新用户信息的其他方法吗?
答案 0 :(得分:2)
当进程请求授权时调用OnAuth方法。
你会在网上找到很多资料,在这里添加一些材料
http://blog.tomasjansson.com/securing-your-asp-net-mvc-3-application http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/