如何进行授权标签工作？ - Asp.net的mvc [英] How does the Authorize tag work? - Asp.net Mvc

问题描述

我想知道怎样的授权标签确定用户是否授权或不？

I am wondering how does the Authorize Tag determine if the user is authorized or not?

好比说如果他们试图在用户登录去，有一个授权标签的视图。它是如何确定用户是否被授权或不？它做一个查询数据库和检查？

Like say if a user logs in and they try to go to a view that has an Authorize tag. How does it determine if a user is authorized or not? Does it do a query to database and check?

怎么样，如果他们去一个视图与角色的授权？是否查询会员角色表？

How about if they go to a view with a role authorization? Does it query the membership role table?

我只是想知道，因为我有asp.net成员表认为重复的用户名是什么。我用一个严重的领域，以确定哪些用户是什么，让用户有相同的重复的用户名，但仍然会在我的数据库是独一无二的。

I am just wondering since I have what the asp.net membership tables considers duplicate userNames. I use a serious of fields to determine which user is what, allowing users to have the same duplicate userName but still be unique in my database.

这使我不得不写大量的.NET会员的东西，因为它全部采用username的做搜索，而不是使用userid自定义方法。

This caused me to have to write custom methods for lots of .net membership stuff since it all used "userName" to do searching instead of using the UserId.

所以，我现在想知道，这可能是与授权标签的情况。因为我不知道它是如何工作和一样，如果我不使用.NET的成员，我不会有一个线索它是如何确定的。

So I am now wondering if this could be the case with the Authorize tag. Since I have no clue how it works and like if I was not using .net membership I would not have a clue how it would determine it.

感谢

推荐答案

的授权标记使用所有的内置从ASP.NET成员资格检查。这是很容易的作用，您自己的标记。例如：

The Authorize tag uses all the built in membership checks from ASP.NET. It's VERY easy to role your own tag. For example:

public class MyAuthorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Make sure the user is authenticated.
        if (httpContext.User.Identity.IsAuthenticated == false) return false;

        // Do you own custom stuff here
        bool allow = CheckIfAllowedToAccessStuff();

        return allow;
    }
}

您可以再使用的将使用自定义检查 [MyAuthorize] 标记。

You then can use the [MyAuthorize] tag which will use your custom checks.

这篇关于如何进行授权标签工作？ - Asp.net的mvc的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！