HandleUnauthorizedRequest不重写 [英] HandleUnauthorizedRequest not overriding

问题描述

在我的asp.net MVC3应用程序，我有如下所示的自定义授权属性。

In my asp.net mvc3 application, I have a custom Authorization Attribute as seen below.

public class CustomAuthorize : AuthorizeAttribute
{
    public IAccountRepository AccountRepository { get; set; }

    public CustomAuthorize()
    {
        this.AccountRepository = new UserModel();
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        base.AuthorizeCore(httpContext);
        return AccountRepository.isEnabled(HttpContext.Current.User.Identity.Name);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) 
    {
        base.HandleUnauthorizedRequest(filterContext);
    }
}

我有 [CustomAuthorize] 标记在我的控制器动作，而 AuthorizeCore 方法工作正常 - 它执行我想它的逻辑（确保帐户实际上是启用），然后返回如此。

I have the [CustomAuthorize] tag on my controller actions, and the AuthorizeCore method works fine - it performs the logic I want it to (making sure the account is actually enabled), and then returning as such.

不过，重写 HandleUnauthorizedRequest 方法，按照我的理解应该让我来控制未经授权的请求的行为，不运行在所有。我把一个断点，我把code在那里，我访问我的应用程序未经授权，和code从不运行。

However, the overridden HandleUnauthorizedRequest method, which as I understand it should allow me to control the behaviour of an unauthorized request, is not running at all. I put a breakpoint there, I put code in there, I access my application unauthorized, and the code never runs.

我在想什么？

编辑：我做了一些调查研究，发现其他几个人谁了这个问题，但没有解决可惜

I did some more research and found a few other people who had this problem, but no solution unfortunately.

EDIT2：样品code

Sample code

[CustomAuthorize]
public class UserController: Controller
{
    public UserController() 
    {
        //do stuff here
    }
}

编辑3：@Fabio

EDIT 3: @Fabio

下面就是我要做的。我有一个登录页面（表单验证）工作正常 - 它调用我的自定义登录，然后叫我AuthorizeCore覆盖。我的应用程序使用大量ajax调用的，我的最终目标是，只要用户使用的应用程序，并且管理员禁用它们，而被停用，调用Ajax（虽然仍在登录）应记录出来。然而，为了做到这一点，我想如果用户要实现AJAX调用返回一个自定义的响应，为此，我需要ovverride HandleUnauthorizedRequest。但我的授权核心（通过扩展HandleUnauthorizedRequest）如果用户登录被忽略（尽管我对我所有的控制器动作的AJAX呼吁customauthorize标记）。

Here's what I'm trying to do. I have a login page (forms auth) that works fine - it calls my custom login, and then calls my AuthorizeCore override. My application uses a large amount of ajax calls, and my eventual goal is for whenever a user is using the application, and the administrator disables them, making an ajax call after being disabled (though still being logged in) should log them out. However, in order to do this, i want to return a custom response if the user is making an ajax call, and for that, I need to ovverride HandleUnauthorizedRequest. But my Authorize Core (and by extension HandleUnauthorizedRequest) are being ignored if the user is logged in (despite the fact that I have customauthorize tags on all of my controller actions that the ajax is calling).

总之：我要授权每个请求的用户，而不仅仅是登录请求（这似乎是什么成员资格提供程序是做现在）

In short: I want to authorize the user on every request, not just the login request (which seems to be what the membership provider is doing right now)

推荐答案

我最终改变我的做法公平一点。我个人执行的权限检查，然后导致AuthorizeCore被称为每次（而不是被缓存，这是我的猜测是什么之前发生的事情）。

I ended up changing my approach a fair bit. I implemented individual permissions checking, and then that caused AuthorizeCore to be called every time (and not be cached, which I guess was what was happening before).

有趣的是，把一个断点上的 HandleUnauthorizedRequest 覆盖仍然不破，但把它会将方法内。奇怪，把我关了一下，不过我现在已经解决了。

Interestingly enough, putting a breakpoint on the HandleUnauthorizedRequest override still doesn't break, but putting it inside the method will. Strange, and threw me off for a bit, but I've solved it now.

code。如果有人有兴趣：

Code if anyone is interested:

public class CustomAuthorize : AuthorizeAttribute
{
    public string Permissions { get; set; }

    private IAccountRepository AccountRepository { get; set; }        

    private string[] permArray { get; set; }

    private string reqStatus { get; set; }

    public CustomAuthorize()
    {
        this.AccountRepository = new UserModel();
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        base.AuthorizeCore(httpContext);

        if (Permissions != null) {
            permArray = Permissions.Trim().Split(' ');

            if (AccountRepository.isEnabled(httpContext.User.Identity.Name)) {
                this.reqStatus = "permission";
                return AccountRepository.hasPermissions(permArray);                     
            } else {
                return false;
            }
        } else {
            return AccountRepository.isEnabled(httpContext.User.Identity.Name);
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) 
    {
        if (this.reqStatus == "permission") {
            filterContext.Result = new RedirectResult(MvcApplication.eM.cause("no_permission", "redirect"));
        } else {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

然后我饰控制器与此：

And then I decorated the controller with this:

[CustomAuthorize（权限=test_perm）]

这篇关于HandleUnauthorizedRequest不重写的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！