c# - 没有调用AuthorizeAttribute中的AuthorizeCore重写

出于某种原因，仅调用OnAuthorization方法，而没有调用AuthorizeCore。
这就是我所说的:

[AuthorizeWithRoles(Roles = "Affiliate")]
public string TestOnlyAffiliate()
{
     return "ok";
}

这是实际属性。

public class AuthorizeWithRolesAttribute : AuthorizeAttribute
{

    public string Roles { get; set; }

    //
    //AuthorizeCore - NOT INVOKING!
    //
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return true;
    }
    public  void OnAuthorization(AuthorizationContext filterContext)
    {

    }
}

最佳答案

您不应该覆盖OnAuthorization。它处理潜在的缓存问题并调用AuthorizeCore。

http://aspnetwebstack.codeplex.com/SourceControl/changeset/view/1acb241299a8#src/System.Web.Mvc/AuthorizeAttribute.cs

// In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page.

将您的自定义逻辑放入AuthorizationCore中。

关于c# - 没有调用AuthorizeAttribute中的AuthorizeCore重写，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/13071615/