我应该叫base.OnAuthorization(filterContext)? [英] Should I call base.OnAuthorization(filterContext)?
问题描述
我有一个自定义的 AuthorizeAttribute
像这样:
I have a custom AuthorizeAttribute
like so:
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAuthenticated)
{
var userInRole = CurrentUser.IsInRole(Roles);
// Etc...
}
}
我应该叫 base.OnAuthorization(filterContext)
都在这里吗?
如果是这样,那会是什么?
If so, what would it do?
推荐答案
默认的实现是开源的,可以被看作<一href="https://github.com/ASP-NET-MVC/aspnetwebstack/blob/master/src/System.Web.Mvc/AuthorizeAttribute.cs"相对=nofollow>这里。
The default implementation is open source and can be viewed here.
有检查用户是否被认证,则进行检查,以确保用户或角色上的属性指定。
It checks whether the user is authenticated, then checks to ensure the user or role is specified on the attribute.
我想真正的问题是,为什么你写一个自定义的 AuthorizeAttribute
时,内置一已经这样做你在做什么?
I guess the real question is, why are you writing a custom AuthorizeAttribute
when the built-in one already does what you are doing?
请注意,它会更简单,以覆盖 AuthorizeCore
办法( 而不是OnAuthorization 的),如果你真的确实需要,因为 OnAuthorization
方法具有code禁用输出缓存使缓存的意见不能注销后就可以看到以自定义它。
Do note that it would be simpler to override the AuthorizeCore
method (instead of OnAuthorization) if you really do need to customize it because the OnAuthorization
method has code to disable output caching so cached views cannot be seen after logout.
这篇关于我应该叫base.OnAuthorization(filterContext)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!