延长AuthorizeAttribute覆盖AuthorizeCore或OnAuthorization [英] Extend AuthorizeAttribute Override AuthorizeCore or OnAuthorization
问题描述
使用ASP.NET MVC我创建一个自定义的属性授权采取一些自定义的授权逻辑的照顾。我已经看过了很多的例子,它是pretty直线前进,但我的问题是,哪种方法是最好的覆盖,AuthorizeCore或OnAuthorization?我见过很多例子覆盖一方或另一方。是否有区别?
Using ASP.NET MVC I am creating a custom Authorize attribute to take care of some custom authorization logic. I have looked at a lot of examples and it is pretty straight forward but my question is which method is best to override, AuthorizeCore or OnAuthorization? I have seen many examples overriding one or the other. Is there a difference?
推荐答案
线索是在返回类型:
AuthorizeCore
返回一个布尔值 - 这是决策的code。这应限于看着用户的身份和检测它们在等等,其作用基本上它应该回答的问题是:
AuthorizeCore
returns a boolean - it is decision making code. This should be limited to looking at the user's identity and testing which roles they are in etc. etc. Basically it should answer the question:
我想这个用户继续?
这不应该就在身边执行任何其他活动。
It should not perform any additional activities "on the side".
OnAuthorize
返回void - 这就是你把所有的功能的需要在这一点上发生。例如写入日志,存储在会话等等等等一些数据。
OnAuthorize
returns void - this is where you put any functionality that needs to occur at this point. e.g. Write to a log, store some data in session etc etc.
这篇关于延长AuthorizeAttribute覆盖AuthorizeCore或OnAuthorization的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!