thi*_*ag0 8 authorize-attribute asp.net-mvc-5 iauthorizationfilter
AuthorizeAttribute要求您覆盖OnAuthorization方法,IAuthorizationFilter要求您实现OnAuthorization方法.对我来说似乎是一样的东西,还有其他差异吗?为什么一个用于另一个?
编辑:澄清一下,我试图了解以下两段代码之间的区别.
public class PasswordExpirationCheckAttribute : AuthorizeAttribute
{
private int _maxPasswordAgeInDays;
public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
{
_maxPasswordAgeInDays = maxPasswordAgeInDays;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
{
IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
{
var userStore = new ApplicationUserStore(new IdentityDb());
var userManager = new ApplicationUserManager(userStore);
var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;
if (user != null)
{
var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
{
HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
UrlHelper urlHelper = new UrlHelper(requestContext);
filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
}
}
}
}
base.OnAuthorization(filterContext);
}
}
和...
public class PasswordExpirationCheckAttribute : IAuthorizationFilter
{
private int _maxPasswordAgeInDays;
public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
{
_maxPasswordAgeInDays = maxPasswordAgeInDays;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
{
IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
{
var userStore = new ApplicationUserStore(new IdentityDb());
var userManager = new ApplicationUserManager(userStore);
var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;
if (user != null)
{
var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
{
HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
UrlHelper urlHelper = new UrlHelper(requestContext);
filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
}
}
}
}
return;
}
}
IAuthorizationFilter仅仅是一个接口。它什么也没做。如果要使用它,则必须实现自己的授权属性,该属性从头开始实现该接口。
AuthorizeAttribute另一方面,可以直接使用。它实现IAuthorizationFilter并已经照顾到开发人员的共同需求。它仍然允许您重写该OnAuthorization方法,以防您想扩展其功能,但是不必这样做,因为如果不这样做,它就可以正常工作。
| 归档时间: |
|
| 查看次数: |
2660 次 |
| 最近记录: |