问题描述
我建立我自己的会员体系,我想没有任何关系与MS会员供应商。我环顾四周互联网和这里的计算器,但所有我能找到始建于MS会员提供的会员顶级供应商。
I'm building my own membership system and I want nothing to do with the MS Membership provider. I've looked around the internet and here on StackOverflow but all I could found was membership providers built on top of the MS Membership provider.
不管怎样,我已经得到了几乎所有的东西,现在迷上了,但我想用一个自定义的授权灵活运用我的会员基础设施的属性。我检查了线程这里的网站上,我试图做同样的事情,但我不知道这是安静我需要什么。到目前为止,这些都是我已经得到了类:
Anyway, I've got almost everything hooked up now, but I'd like to use a custom Authorize attribute which utilized my membership infrastructure. I checked out this thread here on the site and I'm trying to do something similar, but I'm not sure that's quiet what I need. So far these are the classes I've got:
是SessionManager:
public static class SessionManager : ISessionManager
{
public static void RegisterSession(string key, object obj)
{
System.Web.HttpContext.Current.Session[key] = obj;
}
public static void FreeSession(string key)
{
System.Web.HttpContext.Current.Session[key] = null;
}
public static bool CheckSession(string key)
{
if (System.Web.HttpContext.Current.Session[key] != null)
return true;
else
return false;
}
public static object ReturnSessionObject(string key)
{
if (CheckSession(key))
return System.Web.HttpContext.Current.Session[key];
else
return null;
}
}
SharweAuthorizeAttribute:(我真的不知道,如果这实际上是我应该做的的)
public class SharweAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (SessionManager.CheckSession(SessionKeys.User) == true)
return true;
else
return false;
}
}
现在这就是我需要:
- 是我SharweAuthorizeAttribute类
首先正确? - 我需要能够重定向
未认证用户登录
页 -
我需要授权基于用户
他们的角色(使用我自己的角色
供应商),所以我会做一些
这样的:
- Is my SharweAuthorizeAttribute classcorrect in the first place?
- I need to be able to redirectunauthenticated users to the loginpage
I need to authorize users based ontheir roles (using my own roleprovider) so I would do somethinglike:
[SharweAuthorize(Roles="MyRole")]
这就是它,我猜...任何建议都无任欢迎:)
That's it I guess... Any suggestions are more than welcome :)
更新:
好吧,我刚刚看了一遍该网页,找到了解决问题2号:
UPDATE:Ok I just read that page again and found the solution to question number two:
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (SessionManager.CheckSession(SessionKeys.User) == false)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "action", "ActionName" },
{ "controller", "ControllerName" }
});
}
else
base.HandleUnauthorizedRequest(filterContext);
}
让我知道,如果我这样做是正确,请...
Let me know if I got it right please...
推荐答案
是的,你这样做是正确(IMO它的安全和易于实现自定义的成员资格提供程序,但它是你的选择)
Yes, you got it right (IMO it's safer and simpler to implement a custom membership provider, but it's your choice)
- 是的,这是正确的
- 您这样做是正确
- 您继承了
角色
从AuthorizeAttribute
基类属性,并在您执行检查,如果用户是在的作用。
- Yes, it's correct
- You do it right
- You inherit the
roles
property from theAuthorizeAttribute
base class and you check in your implementation if the user is in the role.
编辑:多了几分角色的事情
如果您有
[SharweAuthorize(Roles="MyRole")]
然后就可以在AuthorizeCore方法检查角色属性
then you can check the Roles property in the AuthorizeCore method
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (SessionManager.CheckSession(SessionKeys.User) == true) {
if (SessionManager.CheckUserIsInRole( Roles )) // where Roles == "MyRole"
return true;
}
return false;
}
这篇关于自定义授权属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!