Authorize 标签如何工作?- ASP.NET MVC [英] How does the Authorize tag work? - ASP.NET MVC

问题描述

授权标签如何确定用户是否被授权?

How does the Authorize Tag determine if the user is authorized or not?

比如，如果用户登录并尝试转到具有 Authorize 标签的视图.它如何确定用户是否被授权?它会查询数据库并检查吗?

Like say, if a user logs in and they try to go to a view that has an Authorize tag. How does it determine if a user is authorized or not? Does it do a query to database and check?

如果他们去一个有角色授权的视图怎么样?是否查询成员角色表?

How about if they go to a view with a role authorization? Does it query the membership role table?

我只是想知道，因为我有 ASP.NET 成员资格表认为重复的用户名.我使用大量字段来确定哪个用户是什么，允许用户具有相同的重复用户名，但在我的数据库中仍然是唯一的.

I am just wondering since I have what the ASP.NET membership tables considers duplicate userNames. I use a serious of fields to determine which user is what, allowing users to have the same duplicate userName, but still be unique in my database.

这导致我不得不为许多 .NET 成员资格编写自定义方法，因为它们都使用userName"而不是使用 UserId 进行搜索.

This caused me to have to write custom methods for lots of .NET membership stuff since it all used "userName" to do searching instead of using the UserId.

所以我现在想知道 Authorize 标签是否会出现这种情况.由于我不知道它是如何工作的，而且如果我不使用 .NET 会员资格，我将不知道它将如何确定它.

So I am now wondering if this could be the case with the Authorize tag. Since I have no clue how it works and like if I was not using .NET membership I would not have a clue how it would determine it.

推荐答案

Authorize 标记使用来自 ASP.NET 的所有内置成员资格检查.扮演您自己的标签非常容易.例如:

The Authorize tag uses all the built in membership checks from ASP.NET. It's VERY easy to role your own tag. For example:

public class MyAuthorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Make sure the user is authenticated.
        if (httpContext.User.Identity.IsAuthenticated == false) return false;

        // Do you own custom stuff here
        bool allow = CheckIfAllowedToAccessStuff();

        return allow;
    }
}

然后您可以使用 [MyAuthorize] 标签，该标签将使用您的自定义检查.

You then can use the [MyAuthorize] tag which will use your custom checks.

这篇关于Authorize 标签如何工作?- ASP.NET MVC的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！