自定义授权属性

发布于 2024-10-18 05:40:53 字数 2358 浏览 0 评论 0原文

我正在构建自己的会员系统，我不想与 MS 会员提供商有任何关系。我浏览过互联网和 StackOverflow，但我所能找到的只是建立在 MS 会员资格提供商之上的会员资格提供商。

不管怎样，我现在几乎已经把所有东西都连接好了，但我想使用一个利用我的会员基础设施的自定义授权属性。我在网站上查看了这个线程，我正在尝试做类似的事情，但我不确定这是否是我需要的安静。到目前为止，这些是我已经得到的类：

SessionManager:

public static class SessionManager : ISessionManager
{
    public static void RegisterSession(string key, object obj)
    {
        System.Web.HttpContext.Current.Session[key] = obj;
    }

    public static void FreeSession(string key)
    {
        System.Web.HttpContext.Current.Session[key] = null;
    }


    public static bool CheckSession(string key)
    {
        if (System.Web.HttpContext.Current.Session[key] != null)
            return true;
        else
            return false;
    }


    public static object ReturnSessionObject(string key)
    {
        if (CheckSession(key))
            return System.Web.HttpContext.Current.Session[key];
        else
            return null;
    }
}

SharweAuthorizeAttribute: （我不太确定这是否真的是我应该做的 ）

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == true)
            return true;
        else 
            return false;
    }
}

现在这就是我需要的：

是我的 SharweAuthorizeAttribute 类首先正确吗？
我需要能够重定向未经身份验证的用户登录页面
我需要根据以下内容授权用户他们的角色（使用我自己的角色提供商）所以我会做一些事情像：
```
[SharweAuthorize(Roles="MyRole")]
```

我想就是这样......任何建议都非常受欢迎:)

更新： 好吧，我刚刚再次阅读该页面，找到了第二个问题的解决方案：

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == false)
    {
        filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary 
                        {
                            { "action", "ActionName" },
                            { "controller", "ControllerName" }
                        });
    }
    else
        base.HandleUnauthorizedRequest(filterContext);
}

如果我做对了，请告诉我......

原文

I'm building my own membership system and I want nothing to do with the MS Membership provider. I've looked around the internet and here on StackOverflow but all I could found was membership providers built on top of the MS Membership provider.

Anyway, I've got almost everything hooked up now, but I'd like to use a custom Authorize attribute which utilized my membership infrastructure. I checked out this thread here on the site and I'm trying to do something similar, but I'm not sure that's quiet what I need. So far these are the classes I've got:

SessionManager:

public static class SessionManager : ISessionManager
{
    public static void RegisterSession(string key, object obj)
    {
        System.Web.HttpContext.Current.Session[key] = obj;
    }

    public static void FreeSession(string key)
    {
        System.Web.HttpContext.Current.Session[key] = null;
    }


    public static bool CheckSession(string key)
    {
        if (System.Web.HttpContext.Current.Session[key] != null)
            return true;
        else
            return false;
    }


    public static object ReturnSessionObject(string key)
    {
        if (CheckSession(key))
            return System.Web.HttpContext.Current.Session[key];
        else
            return null;
    }
}

SharweAuthorizeAttribute: (I am not really sure if that's actually what I should be doing)

public class SharweAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == true)
            return true;
        else 
            return false;
    }
}

Now here's what I need:

Is my SharweAuthorizeAttribute class
correct in the first place?
I need to be able to redirect
unauthenticated users to the login
page
I need to authorize users based on
their roles (using my own role
provider) so I would do something
like:
```
[SharweAuthorize(Roles="MyRole")]
```

That's it I guess... Any suggestions are more than welcome :)

UPDATE:
Ok I just read that page again and found the solution to question number two:

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == false)
    {
        filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary 
                        {
                            { "action", "ActionName" },
                            { "controller", "ControllerName" }
                        });
    }
    else
        base.HandleUnauthorizedRequest(filterContext);
}

Let me know if I got it right please...

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

说不完的你爱 2024-10-25 05:40:53

是的，您做对了（IMO 实现自定义会员资格提供程序更安全、更简单，但这是您的选择）

是的，这是正确的
您做对了
您从 AuthorizeAttribute 继承了 roles 属性 基类，然后检查用户是否处于该角色中的实现。

编辑：更多关于角色的信息，

如果你有的话

[SharweAuthorize(Roles="MyRole")]

，你可以检查 AuthorizeCore 方法中的 Roles 属性

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == true) {
        if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
           return true;
    }
    return false;
}

Yes, you got it right (IMO it's safer and simpler to implement a custom membership provider, but it's your choice)

Yes, it's correct
You do it right
You inherit the roles property from the AuthorizeAttribute base class and you check in your implementation if the user is in the role.

Edit: a little more on the roles thing

if you have

[SharweAuthorize(Roles="MyRole")]

then you can check the Roles property in the AuthorizeCore method

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (SessionManager.CheckSession(SessionKeys.User) == true) {
        if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
           return true;
    }
    return false;
}

回复收藏 0 原文

~没有更多了~