在自定义控制器工厂中进行通用授权的良好做法? [英] Good practice to do common authorization in a custom controller factory?
本文介绍了在自定义控制器工厂中进行通用授权的良好做法?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的控制器共享一个客户端ID.路线:
My controllers share a client id. Route:
clients/{clientId}/{controller}/{action}/{id}
示例网址:
clients/1/orders/details/1
clients/2/children/index
clients/2/cars/create
您需要获得客户的适当授权.我不想在每个控制器中都执行相同的客户端授权.我想到了在这样的自定义控制器工厂中进行自动化的想法:
You need proper authorization for a client. I don't want to do the same client authorization in every controller. I came up with the idea to do the autorization in a custom controller factory like this:
public class CustomControllerFactory : DefaultControllerFactory
{
private readonly IAuthService _authService;
public CustomControllerFactory(IAuthService authService)
{
_authService = authService;
}
protected override IController GetControllerInstance(
RequestContext requestContext, Type controllerType)
{
var doAuth = requestContext.RouteData.Values.ContainsKey("clientId");
if (doAuth)
{
var principal = requestContext.HttpContext.User;
var clientId = long.Parse(
requestContext.RouteData.Values["clientId"].ToString());
var authorized = _authService.Client(principal, clientId);
if (!authorized)
{
return new AuthController();
}
}
return base.GetControllerInstance(requestContext, controllerType);
}
}
您认为这是一种好习惯吗?为什么?
Do you consider this a good practice or not? Why?
推荐答案
不,我不认为这是一个好习惯.自定义 AuthorizeAttribute 似乎更适合处理授权而不是控制器工厂.
No, I don't consider this as a good practice. A custom AuthorizeAttribute seems far more adapted to handle authorization rather than a controller factory.
这篇关于在自定义控制器工厂中进行通用授权的良好做法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
