ASP.NET个IAuthorizationFilter OnAuthorization [英] ASP.NET IAuthorizationFilter OnAuthorization
问题描述
您好我想实现一个自定义过滤器的授权
Hi I am trying to implement a custom Authorization filter
//The Authourization attribute on a controller
public class CustomAdminAuthorizationFilter : IAuthorizationFilter
{
private readonly IAuthentication _authentication;
public SageAdminAuthorizationFilter(IAuthentication authentication)
{
_authentication = authentication;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
bool result = _authentication.Authorize(filterContext.HttpContext);
}
}
你可以在OnAuthorization我得到一个结果是假的真见。
什么我需要设置返回我从哪里来?
As you can see on the OnAuthorization I get back a result that is true of false. What do I need to set to return where I came from?
编辑:
这似乎仍然直接扔我到登录页面
It still seems to throw me straight to the log in page
我做的注入IAuthetication
I do inject IAuthetication
this.BindFilter<CustomAdminAuthorizationFilter>(FilterScope.Controller, 0);
Bind<IAuthentication>().To<CustomAuthenticationService>();
然后我装点我的控制器动作如此。
Then I decorate my action in the controller as so.
[Authorize]
public ActionResult Index()
{
ViewBag.Title = "Welcome";
ViewBag.Message = "Welcome to ASP.NET MVC!";
return View();
}
在我的web.config进出口使用
In my web.config Im using
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
如果有这样的改变?
Should this be altered?
任何帮助将大大AP preciated。
Any help would be greatly appreciated.
推荐答案
修改成一个属性
,而不是简单的一个个IAuthorizationFilter
您还需要抛出 UnauthorizedAccessException
你的 OnAuthorization
方法中
Change that to an Attribute
, not simple a IAuthorizationFilter
You also need to throw an UnauthorizedAccessException
within your OnAuthorization
method
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class SageAdminAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
readonly IAuthentication _authentication;
public SageAdminAuthorizeAttribute(IAuthentication authentication)
{
_authentication = authentication;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (!_authentication.Authorize(filterContext.HttpContext))
throw new UnauthorizedAccessException();
}
}
和现在,而不是使用 [授权]
使用新的 [SageAdminAuthorize]
属性
And now rather than using [Authorize]
use your new [SageAdminAuthorize]
attribute
[SageAdminAuthorize]
public ActionResult Index()
{
ViewBag.Title = "Welcome";
ViewBag.Message = "Welcome to ASP.NET MVC!";
return View();
}
这篇关于ASP.NET个IAuthorizationFilter OnAuthorization的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!