How can I develop a custom AuthorizeAttribute that accepts a login OR a token?

Problem description

In my MVC 5 application, I decorate my controllers as follows:

[Authorize]
public class Controller
{
  ..

However, one requirement I have is to use a token to authorize an action without going to the login screen, i.e.: http://{website}/Action?token={/* token for this user */}

Thus, how can I develop a custom AuthorizeAttribute that accepts a login (default behavior) OR a token (custom, required behavior)?

In other words, if I use http://{website}/Action, I would be redirected to the login screen (if I am not authorized), but if I use http://{website}/Action?token={/* token for this user */}, I would be authorized and redirected to said action.


[TokenAuthorize] class

public class TokenAuthorize : AuthorizeAttribute
{
    private const string SecureToken = "token";

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (Authorize(filterContext))
        {
            return;
        }

        HandleUnauthorizedRequest(filterContext);
    }

    private bool Authorize(AuthorizationContext actionContext)
    {
        try
        {
            HttpRequestBase request = actionContext.RequestContext.HttpContext.Request;
            string token = request.Params[SecureToken];

            return SecurityManager.IsTokenValid(token);
        }
        catch (Exception)
        {
            return false;
        }
    }
}


If I decorate my controllers with:

[Authorize]
[TokenAuthorize]
public class Controller
{
  ..

It is processed as Authorize AND TokenAuthorize. I need to develop a way to process it as Authorize OR TokenAuthorize.

Solution

Shoe's answer led me on the right track.

I implemented his suggestion and did the following in my Authorize function:

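private bool Authorize(AuthorizationContext actionContext)
{
    try
    {
        HttpContextBase context = actionContext.RequestContext.HttpContext;
        // SecureToken is the "token" constant declared in the TokenAuthorize class above.
        string token = context.Request.Params[SecureToken];

        // A valid token authorizes the request on its own.
        bool isTokenAuthorized = SecurityManager.IsTokenValid(token);
        if (isTokenAuthorized) return true;

        // Otherwise fall back to the default login check inherited from AuthorizeAttribute.
        bool isDefaultAuthorized = AuthorizeCore(context);
        return isDefaultAuthorized;
    }
    catch (Exception)
    {
        // Any failure while reading or validating the token denies access.
        return false;
    }
}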

Decorating with just [TokenAuthorize], I can authorize an action via login (default) OR via token.
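
An alternative shape for the same login-OR-token check, as an added example that is not part of the original answer: it overrides AuthorizeCore instead of OnAuthorization, so the base attribute's own pipeline stays in place. The SecurityManager body, the sample token value, and the names TokenAuthorizeAttribute and TokenParameter are assumptions; only the call SecurityManager.IsTokenValid appears on the page.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical stand-in for the page's SecurityManager, whose implementation is not shown.
public static class SecurityManager
{
    // Constructed sample value; a real deployment would look up a per-user token.
    private const string ExpectedToken = "constructed-sample-token";

    public static bool IsTokenValid(string token)
    {
        if (string.IsNullOrEmpty(token) || token.Length != ExpectedToken.Length)
            return false;

        int diff = 0;
        for (int i = 0; i < token.Length; i++)
            diff |= token[i] ^ ExpectedToken[i];   // compare every character, no early exit
        return diff == 0;
    }
}

// Applied as [TokenAuthorize]; replaces [Authorize] rather than being stacked with it.
public class TokenAuthorizeAttribute : AuthorizeAttribute
{
    private const string TokenParameter = "token";

    // AuthorizeCore is the hook the base OnAuthorization calls, so [AllowAnonymous]
    // handling, output-cache validation and HandleUnauthorizedRequest still apply.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Read the query string only; Request.Params also searches form fields,
        // cookies and server variables.
        string token = httpContext.Request.QueryString[TokenParameter];

        // Token OR login. Users/Roles set on the attribute are enforced only on
        // the login path, because a valid token returns before the base check.
        if (SecurityManager.IsTokenValid(token))
            return true;

        return base.AuthorizeCore(httpContext);
    }
}
```

Tokens carried in the query string are recorded in server logs, browser history and Referer headers, so they are best kept short-lived and accepted over HTTPS only.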
