自定义授权属性

发布于 2024-10-18 05:40:53 字数 2358 浏览 3 评论 0原文

我正在构建自己的会员系统,我不想与 MS 会员提供商有任何关系。我浏览过互联网和 StackOverflow,但我所能找到的只是建立在 MS 会员资格提供商之上的会员资格提供商。

不管怎样,我现在几乎已经把所有东西都连接好了,但我想使用一个利用我的会员基础设施的自定义授权属性。我在网站上查看了这个线程,我正在尝试做类似的事情,但我不确定这是否是我需要的安静。到目前为止,这些是我已经得到的类:

SessionManager:

public static class SessionManager : ISessionManager
{
    public static void RegisterSession(string key, object obj)
    {
        System.Web.HttpContext.Current.Session[key] = obj;
    }

    public static void FreeSession(string key)
    {
        System.Web.HttpContext.Current.Session[key] = null;
    }


    public static bool CheckSession(string key)
    {
        if (System.Web.HttpContext.Current.Session[key] != null)
            return true;
        else
            return false;
    }


    public static object ReturnSessionObject(string key)
    {
        if (CheckSession(key))
            return System.Web.HttpContext.Current.Session[key];
        else
            return null;
    }
}

SharweAuthorizeAttribute:我不太确定这是否真的是我应该做的

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == true)
            return true;
        else 
            return false;
    }
}

现在这就是我需要的:

  1. 是我的 SharweAuthorizeAttribute 类 首先正确吗?
  2. 我需要能够重定向 未经身份验证的用户登录 页面
  3. 我需要根据以下内容授权用户 他们的角色(使用我自己的角色 提供商)所以我会做一些事情 像:

    [SharweAuthorize(Roles="MyRole")]
    

我想就是这样......任何建议都非常受欢迎:)

更新: 好吧,我刚刚再次阅读该页面,找到了第二个问题的解决方案:

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == false)
    {
        filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary 
                        {
                            { "action", "ActionName" },
                            { "controller", "ControllerName" }
                        });
    }
    else
        base.HandleUnauthorizedRequest(filterContext);
}

如果我做对了,请告诉我......

I'm building my own membership system and I want nothing to do with the MS Membership provider. I've looked around the internet and here on StackOverflow but all I could found was membership providers built on top of the MS Membership provider.

Anyway, I've got almost everything hooked up now, but I'd like to use a custom Authorize attribute which utilized my membership infrastructure. I checked out this thread here on the site and I'm trying to do something similar, but I'm not sure that's quiet what I need. So far these are the classes I've got:

SessionManager:

public static class SessionManager : ISessionManager
{
    public static void RegisterSession(string key, object obj)
    {
        System.Web.HttpContext.Current.Session[key] = obj;
    }

    public static void FreeSession(string key)
    {
        System.Web.HttpContext.Current.Session[key] = null;
    }


    public static bool CheckSession(string key)
    {
        if (System.Web.HttpContext.Current.Session[key] != null)
            return true;
        else
            return false;
    }


    public static object ReturnSessionObject(string key)
    {
        if (CheckSession(key))
            return System.Web.HttpContext.Current.Session[key];
        else
            return null;
    }
}

SharweAuthorizeAttribute: (I am not really sure if that's actually what I should be doing)

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == true)
            return true;
        else 
            return false;
    }
}

Now here's what I need:

  1. Is my SharweAuthorizeAttribute class
    correct in the first place?
  2. I need to be able to redirect
    unauthenticated users to the login
    page
  3. I need to authorize users based on
    their roles (using my own role
    provider) so I would do something
    like:

    [SharweAuthorize(Roles="MyRole")]
    

That's it I guess... Any suggestions are more than welcome :)

UPDATE:
Ok I just read that page again and found the solution to question number two:

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == false)
    {
        filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary 
                        {
                            { "action", "ActionName" },
                            { "controller", "ControllerName" }
                        });
    }
    else
        base.HandleUnauthorizedRequest(filterContext);
}

Let me know if I got it right please...

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

说不完的你爱 2024-10-25 05:40:53

是的,您做对了(IMO 实现自定义会员资格提供程序更安全、更简单,但这是您的选择)

  1. 是的,这是正确的
  2. 您做对了
  3. 您从 AuthorizeAttribute 继承了 roles 属性 基类,然后检查用户是否处于该角色中的实现。

编辑:更多关于角色的信息,

如果你有的话

[SharweAuthorize(Roles="MyRole")]

,你可以检查 AuthorizeCore 方法中的 Roles 属性

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == true) {
        if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
           return true;
    }
    return false;
}

Yes, you got it right (IMO it's safer and simpler to implement a custom membership provider, but it's your choice)

  1. Yes, it's correct
  2. You do it right
  3. You inherit the roles property from the AuthorizeAttribute base class and you check in your implementation if the user is in the role.

Edit: a little more on the roles thing

if you have

[SharweAuthorize(Roles="MyRole")]

then you can check the Roles property in the AuthorizeCore method

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == true) {
        if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
           return true;
    }
    return false;
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文