Custom Authorize Attribute


Problem description

I'm building my own membership system and I want nothing to do with the MS Membership provider. I've looked around the internet and here on StackOverflow but all I could find was membership providers built on top of the MS Membership provider.

Anyway, I've got almost everything hooked up now, but I'd like to use a custom Authorize attribute which utilizes my membership infrastructure. I checked out this thread here on the site and I'm trying to do something similar, but I'm not sure that's quite what I need. So far these are the classes I've got:

SessionManager:

// A static class cannot implement an interface in C#, so ": ISessionManager" is dropped here.
public static class SessionManager
{
    public static void RegisterSession(string key, object obj)
    {
        System.Web.HttpContext.Current.Session[key] = obj;
    }

    public static void FreeSession(string key)
    {
        System.Web.HttpContext.Current.Session[key] = null;
    }


    public static bool CheckSession(string key)
    {
        if (System.Web.HttpContext.Current.Session[key] != null)
            return true;
        else
            return false;
    }


    public static object ReturnSessionObject(string key)
    {
        if (CheckSession(key))
            return System.Web.HttpContext.Current.Session[key];
        else
            return null;
    }
}

SharweAuthorizeAttribute: (I don't really know if this is actually what I should be doing)

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == true)
            return true;
        else 
            return false;
    }
}

Now here's what I need:

  1. Is my SharweAuthorizeAttribute class correct in the first place?
  2. I need to be able to redirect unauthenticated users to the login page
  3. I need to authorize users based on their roles (using my own role provider) so I would do something like:

[SharweAuthorize(Roles="MyRole")]


That's it I guess... Any suggestions are more than welcome :)

UPDATE: Ok I just read that page again and found the solution to question number two:

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == false)
    {
        filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary 
                        {
                            { "action", "ActionName" },
                            { "controller", "ControllerName" }
                        });
    }
    else
        base.HandleUnauthorizedRequest(filterContext);
}

Let me know if I got it right please...

Recommended answer

Yes, you got it right (IMO it's safer and simpler to implement a custom membership provider, but it's your choice)

  1. Yes, it's correct
  2. You do it right
  3. You inherit the roles property from the AuthorizeAttribute base class and you check in your implementation if the user is in the role.

EDIT: A bit more on the roles thing

If you have

[SharweAuthorize(Roles="MyRole")]

then you can check the Roles property in the AuthorizeCore method

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == true) {
        if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
           return true;
    }
    return false;
}
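
The two overrides from the question and the role check from the answer, combined into one attribute. This is an added example, not code from the original question or answer. It assumes ASP.NET MVC 3 or later, a user object in the session exposing its role names (`ISharweUser` and the `SessionKeys` value are stand-ins), and placeholder `Account`/`Login` route names. It also splits the comma-separated `Roles` string and answers a logged-in user who lacks the role with 403 instead of a login redirect.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Assumed stand-ins for the asker's own types (not shown on the page).
public static class SessionKeys { public const string User = "User"; }
public interface ISharweUser { IEnumerable<string> Roles { get; } }

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Use the HttpContextBase passed in (mockable in tests), not HttpContext.Current.
        var user = httpContext.Session == null ? null
            : httpContext.Session[SessionKeys.User] as ISharweUser;
        if (user == null) return false;            // nobody logged in

        // Roles is the base class's comma-separated string, e.g. "Admin, Editor".
        var required = Roles.Split(',').Select(r => r.Trim()).Where(r => r.Length > 0).ToList();
        if (required.Count == 0) return true;      // plain [SharweAuthorize]: any logged-in user

        return required.Any(r => user.Roles.Contains(r, StringComparer.OrdinalIgnoreCase));
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var session = filterContext.HttpContext.Session;
        if (session == null || session[SessionKeys.User] == null)
        {
            // No session user: send to the login page (placeholder route names).
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
            {
                { "controller", "Account" }, { "action", "Login" }
            });
        }
        else
        {
            // Logged in but missing the role: deny with 403 rather than bouncing to login.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
    }
}
```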
