AuthorizeAttribute和參數

Question

我在我的應用程序中有一個自定義的AuthorizeAttribute，它需要一個輸入參數bool UserIsOnline。此參數用於增加一個表字段，該字段包含有關上次用戶交互時間的信息，即對於在後臺執行的jj請求，我提供false和常規請求，或用戶啓動的ajax請求，true值。

這個工作大部分時間，但並不總是。 I've read thatAuthorizeAttribute不是線程安全的，這讓我懷疑這個UserIsOnline參數是否是錯誤的，因爲它在被處理之前被另一個進程修改。我將如何去解決這個問題？我不應該使用AuthorizeAttribute進行此操作嗎？

public class MyAuthorizeAttribute : AuthorizeAttribute 
{ 
    private MyMembershipProvider _provider = new MyMembershipProvider(); // this class is thread-safe 
    private bool _userIsOnline = true; 
    public bool UserIsOnline { get { return _userIsOnline; } set { _userIsOnline = value; } } 

    protected override bool AuthorizeCore(HttpContextBase httpContext) 
    { 
    if (httpContext == null) 
    { 
     throw new ArgumentNullException("httpContext"); 
    } 

    // Check if user is authenticated 
    IPrincipal user = httpContext.User; 
    if (!user.Identity.IsAuthenticated) 
    { 
     return false; 
    } 
    // Check that the user still exists in database 
    MyMembershipUser myUser = (MyMembershipUser)_provider.GetUser(user.Identity.Name, _userIsOnline); 
    if (myUser == null) 
    { 
     // User does not exist anymore, remove browser cookie 
     System.Web.Security.FormsAuthentication.SignOut(); 
     return false; 
    } 
    return true; 
    } 
} 

Answer 1

您可以完全跳過參數，並使用httpContext.Request.IsAjaxRequest

public class MyAuthorizeAttribute : AuthorizeAttribute 
{ 
    protected override bool AuthorizeCore(HttpContextBase httpContext) 
    { 
    if (httpContext == null) 
    { 
     throw new ArgumentNullException("httpContext"); 
    } 

    // Check if user is authenticated 
    IPrincipal user = httpContext.User; 
    if (!user.Identity.IsAuthenticated) 
    { 
     return false; 
    } 

    if (!httpContext.Request.IsAjaxRequest()) 
    { 
     // do your thing in the DB 
    }