What is the difference between using AuthorizeAttribute or IAuthorizationFilter?


Question

AuthorizeAttribute requires you to override the OnAuthorization method and IAuthorizationFilter requires you to implement an OnAuthorization method. Seems like the same thing to me, are there any other differences? Why would one be used over the other?

To clarify, I'm trying to understand what the difference is between the following 2 pieces of code.

public class PasswordExpirationCheckAttribute : AuthorizeAttribute
{
    private int _maxPasswordAgeInDays;

    public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
    {
        _maxPasswordAgeInDays = maxPasswordAgeInDays;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
        {
            IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
            if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
            {
                var userStore = new ApplicationUserStore(new IdentityDb());
                var userManager = new ApplicationUserManager(userStore);
                var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;

                if (user != null)
                {
                    var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
                    if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
                    {
                        HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
                        RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
                        UrlHelper urlHelper = new UrlHelper(requestContext);

                        filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
                    }
                }
            }
        }            

        base.OnAuthorization(filterContext);
    }
}

and...

public class PasswordExpirationCheckAttribute : IAuthorizationFilter
{
    private int _maxPasswordAgeInDays;

    public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
    {
        _maxPasswordAgeInDays = maxPasswordAgeInDays;
    }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
        {
            IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
            if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
            {
                var userStore = new ApplicationUserStore(new IdentityDb());
                var userManager = new ApplicationUserManager(userStore);
                var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;

                if (user != null)
                {
                    var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
                    if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
                    {
                        HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
                        RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
                        UrlHelper urlHelper = new UrlHelper(requestContext);

                        filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
                    }
                }
            }
        }            

        return;
    }
}

Recommended answer

IAuthorizationFilter is only an interface. It does nothing. If you wanted to use it, you'd have to implement your own authorization attribute that implements that interface from the ground up.

AuthorizeAttribute, on the other hand, works out of the box. It implements IAuthorizationFilter and already takes care of the common needs of developers. It still allows you to override the OnAuthorization method in case you want to extend its functionality, but you don't have to, as it works just fine without you doing that.
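
What "from the ground up" involves, as an added example that is not part of the original question or answer: a bare IAuthorizationFilter attribute has to supply the checks that AuthorizeAttribute already performs. It assumes ASP.NET MVC 5 (System.Web.Mvc); the class name RequireAuthenticatedUserAttribute is hypothetical.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical attribute, added for illustration; assumes ASP.NET MVC 5.
// Deriving from FilterAttribute is what allows [RequireAuthenticatedUser]
// to be placed on controllers and actions; the interface alone does not.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true)]
public sealed class RequireAuthenticatedUserAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        // AuthorizeAttribute honors [AllowAnonymous] on its own;
        // a hand-written filter has to look for it explicitly.
        bool allowAnonymous =
            filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
            filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
        if (allowAnonymous)
        {
            return;
        }

        var user = filterContext.HttpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            // Assigning Result short-circuits the pipeline, so the action
            // method is never invoked for an unauthenticated request.
            filterContext.Result = new HttpUnauthorizedResult();
        }

        // Still missing compared with AuthorizeAttribute: the Users and Roles
        // properties and the output-cache validation that stops a cached page
        // from being served to a caller who has not been authorized.
    }
}
```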
