是否有可能重写[授权]在ASP.NET MVC的默认行为？ [英] Is it possible to override the default behavior of [Authorize] in ASP.NET MVC?

问题描述

我想知道是否/如何我可以覆盖在ASP.NET MVC中默认的[授权]的行为。我知道，我可以创造一个新的Action过滤器，使我自己的属性等等;我只是感兴趣，如果我可以简单地改变[授权]的行为，并用自己的code替换它的工作原理？

I wondered if/how I can override the default [Authorize] behavior in ASP.NET MVC. I know that I can create a new Action Filter, make my own attribute and so forth; I am merely interested if I can simply change the [Authorize] behavior and replace its workings with my own code?

修改：男生和女生。我AP preciate您的输入，但为我写的，我的的没有的希望推出一个新的[XYZAuthorize]属性。我知道如何做到这一点。我想保持[授权]格式，但只是改变它的工作原理。

Edit: Guys and Girls. I appreciate your input but as I wrote, I am not looking to introduce a new [XYZAuthorize] Attribute. I'm aware of how to do this. I want to keep the [Authorize] notation but just change how it works.

推荐答案

是的，看看MSDN文档的AuthorizeAttribute：<一href="http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx">http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx.

Yes, take a look at the MSDN docs for AuthorizeAttribute: http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx.

基本上，你可以覆盖OnAuthorization（）方法和自定义的行为。有对属性其他虚拟方法以及

Basically, you can override the OnAuthorization() method and customize the behavior. There are other virtual methods on the attribute as well.

编辑：布鲁诺指出，可以覆盖AuthorizeCore（）方法。主要的区别在于AuthorizeCore（）需要一个HttpContextBase，而OnAuthorization（）需要一个AuthorizationContext。 AuthorizationContext的实例为您提供了更多的信息，如控制器，RequestContext中和的RouteData。它也可以让你指定一个ActionResult。

As Bruno pointed out, you can override the AuthorizeCore() method. The main difference being that AuthorizeCore() takes an HttpContextBase, while OnAuthorization() takes an AuthorizationContext. An instance of AuthorizationContext provides you with more information, such as the Controller, the RequestContext and the RouteData. It also lets you specify an ActionResult.

AuthorizeCore（）更限制可以访问以及结果您可以返回的信息，但如果您需要授权缓存的数据，那么你的逻辑需要处理的情况下，你没有任何的额外的数据（由于数据是从缓存之前请求通过MVC的管道路由）。

AuthorizeCore() is more restricted in the information you can access as well as the result you can return, but if you need to authorize cached data, then your logic needs to handle the case where you don't have any of that extra data (since data is served from the cache before the request is routed through the MVC pipeline).

与往常一样，您需要了解您的情况和它们之间的可用工具和权衡。

As always, you need to understand your scenario and the available tools and trade-offs between them.

这篇关于是否有可能重写[授权]在ASP.NET MVC的默认行为？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！