ASP.NET MVC 中具有表单身份验证的自定义 IPrincipal
这应该很简单,但我在谷歌搜索之后根本无法弄清楚。这就是我想要的。我有一个自定义用户表(目前没有角色),我想对其进行授权。为此,我必须实现一个我已经完成的自定义会员提供程序。我的问题是,如何为 HttpContext.Current.User 设置自定义 IPrincipal?那应该发生在哪里?假设我有以下设置:
public class CustomMembershipProvider : MembershipProvider
{
private IUserRepository _repository;
public CustomMembershipProvider(IUserRepository repository)
{
_repository = repository;
}
public override bool ValidateUser(string username, string password)
{
//check user repository
}
//additional methods omitted for brevity
}
然后我有一个自定义用户类,它实现 IPrincipal 和 IIdentity
public class CustomUser : IPrincipal
{
public CustomUser(string name, int userId, string additionalInfo)
{
Identity = new CustomIdentity(name, userId, additionalInfo);
}
public IIdentity Identity { get; private set; }
public bool IsInRole(string role)
{
return true;
}
}
public class CustomIdentity : IIdentity
{
public CustomIdentity(string name, int userId, string additionalInfo)
{
Name = name;
UserId = userId;
AdditionalInfo = additionalInfo;
}
public string Name { get; private set; }
public string AuthenticationType
{
get { return "CustomAuth"; }
}
public bool IsAuthenticated
{
get { return !String.IsNullOrEmpty(Name); }
}
public int UserId { get; private set; }
public string AdditionalInfo { get; private set; }
}
所以我的问题是,设置 Context.User 的正确位置在哪里到此自定义用户的实例?我需要自定义授权属性吗?如果是这样,那会是什么样子?
This should be simple, but I simply cannot figure it out after all my googling. Here's what I want. I have a custom Users table (no roles at the moment) that I'd like to authorize against. For this I'll have to implement a custom Membership Provider which I've already done. My question is though, how do I go about setting a custom IPrincipal to the HttpContext.Current.User? Where should that happen? Let's say I have the following setup:
public class CustomMembershipProvider : MembershipProvider
{
private IUserRepository _repository;
public CustomMembershipProvider(IUserRepository repository)
{
_repository = repository;
}
public override bool ValidateUser(string username, string password)
{
//check user repository
}
//additional methods omitted for brevity
}
I then have a custom user class the implements IPrincipal and IIdentity
public class CustomUser : IPrincipal
{
public CustomUser(string name, int userId, string additionalInfo)
{
Identity = new CustomIdentity(name, userId, additionalInfo);
}
public IIdentity Identity { get; private set; }
public bool IsInRole(string role)
{
return true;
}
}
public class CustomIdentity : IIdentity
{
public CustomIdentity(string name, int userId, string additionalInfo)
{
Name = name;
UserId = userId;
AdditionalInfo = additionalInfo;
}
public string Name { get; private set; }
public string AuthenticationType
{
get { return "CustomAuth"; }
}
public bool IsAuthenticated
{
get { return !String.IsNullOrEmpty(Name); }
}
public int UserId { get; private set; }
public string AdditionalInfo { get; private set; }
}
So my question is, where is the correct place to set the Context.User to an instance of this custom user? Do I need a custom Authorize Attribute? If so, what would that look like?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我建议为所有控制器使用自定义控制器基类
然后,在 OnAuthorization 中调用
我不完全确定如何调用成员资格提供程序,因为我正在手动执行此操作,但我认为您已经静态访问
Membership.Provider以执行实际的对象构造。不会。请注意身份验证和授权的区别:身份验证在您的系统中建立用户的身份。授权允许或拒绝特定请求。因此,AuthorizeAttribute 还具有一个 Roles 参数,以允许仅由某些用户调用操作。
I suggest using a custom controller base class for all your controllers
Then, in
OnAuthorization, callI'm not entirely sure how to invoke the membership provider because I'm doing it manuallt, but I think you have static access to
Membership.Providerto perform the actual object construction.No. Notice the difference of authentication and authorization: authentication establishes the user's identity in your system. Authorization allows or denies a specific request. Hence,
AuthorizeAttributealso has aRolesparameter to allow an action to be called only by certain users.