在ASP.NET MVC属性的prevent缓存，力量属性执行每一个操作执行时 [英] Prevent Caching of Attributes in ASP.NET MVC, force Attribute Execution every time an Action is Executed

问题描述

根据不同的制品（如这里和<一个href=\"http://stackoverflow.com/questions/1440121/actionfilterattribute-apply-to-actions-of-a-specific-controller-type\">here)属性对ASP.NET MVC操作结果可能会缓存在和不会再次执行：当一个控制器动作被调用。

According to various articles (e.g. here and here) attribute results on ASP.NET MVC Actions may be cached and not executed again when a controller action is called.

这行为是不是在我所希望的情况下（例如我有一个授权系统基于我自己的属性和IP地址，角色检查需要执行的每一次，和其他的东西）。

That behavior is not desired in my case (e.g. I have an authorization system based on my own attributes and IPs, role checks that need to execute every time, and other things).

我如何prevent ASP.NET MVC从缓存我的属性/属性的执行结果，并保证它们的每次执行

How can I prevent ASP.NET MVC from caching my attributes/attribute execution results and guarantee that they are executed every time?

推荐答案

看源$ C ​​$ C为AuthorizeAttribute（上codePLEX或通过反射镜），看看它是如何去有关关闭缓存授权页面。我重构其插入我的自定义授权属性一个单独的方法从AuthorizeAttribute派生的。

Look at the source code for the AuthorizeAttribute (on Codeplex or via Reflector) to see how it goes about turning off caching for authorized pages. I refactored it into a separate method on my custom authorization attribute which derives from AuthorizeAttribute.

protected void CacheValidateHandler( HttpContext context, object data, ref HttpValidationStatus validationStatus )
{
    validationStatus = OnCacheAuthorization( new HttpContextWrapper( context ) );
}

protected void SetCachePolicy( AuthorizationContext filterContext )
{
    // ** IMPORTANT **
    // Since we're performing authorization at the action level, the authorization code runs
    // after the output caching module. In the worst case this could allow an authorized user
    // to cause the page to be cached, then an unauthorized user would later be served the
    // cached page. We work around this by telling proxies not to cache the sensitive page,
    // then we hook our custom authorization code into the caching mechanism so that we have
    // the final say on whether a page should be served from the cache.
    HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
    cachePolicy.SetProxyMaxAge( new TimeSpan( 0 ) );
    cachePolicy.AddValidationCallback( CacheValidateHandler, null /* data */);
}

这篇关于在ASP.NET MVC属性的prevent缓存，力量属性执行每一个操作执行时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！