在我的應用程序中,我希望重定向授權用戶更新他們的配置文件頁面,直到他們提供了所需的信息。如果他們更新配置文件,那麼IsProfileCompleted在數據庫中設置爲'true'。覆蓋MVC中的AuthorizeAttribute 4
所以,我知道這可以通過將檢查條件放入控制器的所需操作中來完成。 但我想通過自定義AuthorizeAttribute來做到這一點。
我谷歌搜索和'StackOverflowed'的信息,但感到困惑。請指導我。
public class MyAuthorizeAttribute: AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var authorized = base.AuthorizeCore(httpContext);
if (!authorized)
{
// The user is not authorized => no need to go any further
return false;
}
// We have an authenticated user, let's get his username
string authenticatedUser = httpContext.User.Identity.Name;
// and check if he has completed his profile
if (!this.IsProfileCompleted(authenticatedUser))
{
// we store some key into the current HttpContext so that
// the HandleUnauthorizedRequest method would know whether it
// should redirect to the Login or CompleteProfile page
httpContext.Items["redirectToCompleteProfile"] = true;
return false;
}
return true;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Items.Contains("redirectToCompleteProfile"))
{
var routeValues = new RouteValueDictionary(new
{
controller = "someController",
action = "someAction",
});
filterContext.Result = new RedirectToRouteResult(routeValues);
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
private bool IsProfileCompleted(string user)
{
// You know what to do here => go hit your database to verify if the
// current user has already completed his profile by checking
// the corresponding field
throw new NotImplementedException();
}
}
,然後你可以裝飾這個自定義屬性您的控制器操作:
[MyAuthorize]
public ActionResult FooBar()
{
...
}
我已經採取了這一代碼,增加了我自己的一些變化,即檢查是否在當前登錄用戶的在服務器上有會話狀態,它們不像以前那樣昂貴!
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var authorized = base.AuthorizeCore(httpContext);
if (!authorized && !Membership.isAuthenticated())
{
// The user is not authorized => no need to go any further
return false;
}
return true;
}
}
public class Membership
{
public static SystemUserDTO GetCurrentUser()
{
// create a system user instance
SystemUserDTO user = null;
try
{
user = (SystemUserDTO)HttpContext.Current.Session["CurrentUser"];
}
catch (Exception ex)
{
// stores message into an event log
Utilities.Log(ex.Message, System.Diagnostics.EventLogEntryType.Warning);
}
return user;
}
public static bool isAuthenticated()
{
bool loggedIn = HttpContext.Current.User.Identity.IsAuthenticated;
bool hasSession = (GetCurrentUser() != null);
return (loggedIn && hasSession);
}
}
我在我的mvc應用程序中使用此示例進行自定義授權。但是,它不會將其重定向到返回url。我錯過了什麼嗎? – Ranger
我再次來到這裏,上面的問題已經解決。我使用基於會話的登錄,有時它會執行授權後應執行的代碼。我正在使用會話密鑰的靜態屬性。你能幫助我嗎? protected override bool AuthorizeCore(HttpContextBase httpContext) if(string.IsNullOrEmpty(CurrentUser.UserName)|| CurrentUser.UserName ==「」) return false; 返回true; } – Ranger
此答案與MVC 5兼容,還是應該進行更改? – radbyx