MVC2 :: 如何*使用*自定义 IIdentity 类?
我正在尝试从网络服务中存储有关用户的一整车信息。由于这是有关当前经过身份验证的用户的信息,因此我认为将该信息存储在自定义 IIdentity 实现中是有意义的。
自定义 MagicMembershipProvider.GetUser(string id, bool userIsOnline) 调用 Web 服务并返回一个 MagicMembershipUser 实例,其中填充了所有字段(部门、电话号码、其他员工信息)。
自定义会员资格提供者和自定义会员资格用户都工作正常。
什么和在哪里是将会员用户信息放入每个控制器均可访问的IPrincipal User对象的最佳方式?< /strong>
我一直在尝试通过 MVC2 应用程序中的 IIdentity、IPrincipal 和角色授权来了解安全程序流程 - 但我在这里真的很挣扎,需要一些指导。互联网上有大量关于各个部分的文章,但关于整体的文章却很少。
编辑
到目前为止我最好的猜测是在 FormsAuthenticationService 中分配 HttpContext.Current.User:
public void SignIn(string userName, bool createPersistentCookie)
{
if (String.IsNullOrEmpty(userName))
throw new ArgumentException("Value cannot be null or empty.", "userName");
try
{
FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
MagicMembershipUser magicUser = _provider.GetUser("", false)
as MagicMembershipUser;
MagicIdentity identity = new MagicIdentity(userName, magicUser);
GenericPrincipal principal = new GenericPrincipal(identity, null);
HttpContext.Current.User = principal;
}
catch (Exception)
{
throw;
}
}
I am trying to store a whole truckload of information about a user from a webservice. As this is information about the currently authenticated user, I thought it would make sense to store that information in a custom IIdentity implementation.
The custom MagicMembershipProvider.GetUser(string id, bool userIsOnline) calls the webservice and returns a MagicMembershipUser instance with all the fields populated (department, phone number, other employee info).
The custom membership provider and custom membership user both work fine.
What and where is the best way to put the membership user information into the IPrincipal User object that is accessible in every controller?
I have been trying to wrap my brain around the program flow of security with IIdentity, IPrincipal and Role authorization in an MVC2 application -- but I'm really struggling here and could use some mentoring. There a Internet Ton of articles about the parts, but not much about the whole.
Edit
My best guess so far is to assign the HttpContext.Current.User in the FormsAuthenticationService:
public void SignIn(string userName, bool createPersistentCookie)
{
if (String.IsNullOrEmpty(userName))
throw new ArgumentException("Value cannot be null or empty.", "userName");
try
{
FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
MagicMembershipUser magicUser = _provider.GetUser("", false)
as MagicMembershipUser;
MagicIdentity identity = new MagicIdentity(userName, magicUser);
GenericPrincipal principal = new GenericPrincipal(identity, null);
HttpContext.Current.User = principal;
}
catch (Exception)
{
throw;
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在自定义
[Authorize]中 过滤器实现。您可以覆盖 AuthorizeCore 方法并调用基本方法,如果它返回 true,则查询您的会员资格提供者并将自定义魔术身份注入到上下文中。示例:
现在剩下的就是使用
[MagicAuthorize]属性装饰您的基本控制器。In a custom
[Authorize]filter implementation. You could override the AuthorizeCore method and call the base method and if it returns true query your membership provider and inject the custom magic identity into the context.Example:
Now all that's left is decorate your base controller with the
[MagicAuthorize]attribute.