MVC2 :: 如何*使用*自定义 IIdentity 类?

发布于 2024-10-13 11:20:05 字数 1260 浏览 8 评论 0原文

我正在尝试从网络服务中存储有关用户的一整车信息。由于这是有关当前经过身份验证的用户的信息,因此我认为将该信息存储在自定义 IIdentity 实现中是有意义的。

自定义 MagicMembershipProvider.GetUser(string id, bool userIsOnline) 调用 Web 服务并返回一个 MagicMembershipUser 实例,其中填充了所有字段(部门、电话号码、其他员工信息)。

自定义会员资格提供者和自定义会员资格用户都工作正常。

什么在哪里是将会员用户信息放入每个控制器均可访问的IPrincipal User对象的最佳方式?< /strong>

我一直在尝试通过 MVC2 应用程序中的 IIdentity、IPrincipal 和角色授权来了解安全程序流程 - 但我在这里真的很挣扎,需要一些指导。互联网上有大量关于各个部分的文章,但关于整体的文章却很少。

编辑

到目前为止我最好的猜测是在 FormsAuthenticationService 中分配 HttpContext.Current.User

public void SignIn(string userName, bool createPersistentCookie)
{
  if (String.IsNullOrEmpty(userName)) 
    throw new ArgumentException("Value cannot be null or empty.", "userName");

  try
  {
    FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
    MagicMembershipUser magicUser = _provider.GetUser("", false) 
      as MagicMembershipUser;
    MagicIdentity identity = new MagicIdentity(userName, magicUser);
    GenericPrincipal principal = new GenericPrincipal(identity, null);

    HttpContext.Current.User = principal;
  }
  catch (Exception)
  {
    throw;
  }

    }

I am trying to store a whole truckload of information about a user from a webservice. As this is information about the currently authenticated user, I thought it would make sense to store that information in a custom IIdentity implementation.

The custom MagicMembershipProvider.GetUser(string id, bool userIsOnline) calls the webservice and returns a MagicMembershipUser instance with all the fields populated (department, phone number, other employee info).

The custom membership provider and custom membership user both work fine.

What and where is the best way to put the membership user information into the IPrincipal User object that is accessible in every controller?

I have been trying to wrap my brain around the program flow of security with IIdentity, IPrincipal and Role authorization in an MVC2 application -- but I'm really struggling here and could use some mentoring. There a Internet Ton of articles about the parts, but not much about the whole.

Edit

My best guess so far is to assign the HttpContext.Current.User in the FormsAuthenticationService:

public void SignIn(string userName, bool createPersistentCookie)
{
  if (String.IsNullOrEmpty(userName)) 
    throw new ArgumentException("Value cannot be null or empty.", "userName");

  try
  {
    FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
    MagicMembershipUser magicUser = _provider.GetUser("", false) 
      as MagicMembershipUser;
    MagicIdentity identity = new MagicIdentity(userName, magicUser);
    GenericPrincipal principal = new GenericPrincipal(identity, null);

    HttpContext.Current.User = principal;
  }
  catch (Exception)
  {
    throw;
  }

    }

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

抽个烟儿 2024-10-20 11:20:05

将会员用户信息放入每个控制器均可访问的 IPrincipal User 对象中的最佳方法是什么?在哪里?

在自定义 [Authorize] 过滤器实现。您可以覆盖 AuthorizeCore 方法并调用基本方法,如果它返回 true,则查询您的会员资格提供者并将自定义魔术身份注入到上下文中。

示例:

public class MagicAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (isAuthorized)
        {
            var username = httpContext.User.Identity.Name;
            var magicUser = _provider.GetUser(username, false) as MagicMembershipUser;
            var identity = new MagicIdentity(username, magicUser);
            var principal = new GenericPrincipal(identity, null);
            httpContext.User = principal;
        }
        return isAuthorized;
    }
}

现在剩下的就是使用 [MagicAuthorize] 属性装饰您的基本控制器。

What and where is the best way to put the membership user information into the IPrincipal User object that is accessible in every controller?

In a custom [Authorize] filter implementation. You could override the AuthorizeCore method and call the base method and if it returns true query your membership provider and inject the custom magic identity into the context.

Example:

public class MagicAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (isAuthorized)
        {
            var username = httpContext.User.Identity.Name;
            var magicUser = _provider.GetUser(username, false) as MagicMembershipUser;
            var identity = new MagicIdentity(username, magicUser);
            var principal = new GenericPrincipal(identity, null);
            httpContext.User = principal;
        }
        return isAuthorized;
    }
}

Now all that's left is decorate your base controller with the [MagicAuthorize] attribute.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文