当调用OnAuthorization方法时

本文关键字:方法 OnAuthorization 调用 | 更新日期: 2023-09-27 18:26:41

我已经实现了一种自定义方法,使用户信息可用于具有类似以下smth的视图:

    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (HttpContext.User != null)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                JavaScriptSerializer serializer = new JavaScriptSerializer();
                AWESOMEUser user = serializer.Deserialize<AWESOMEUser>(authTicket.UserData);
                if (user == null)
                {
                    HttpContext.User = null;
                }
                else
                {
                    HttpContext.User = new PlatformUser(typeof(DBMembershipProvider).Name, user);
                }
            }
            else
            {
                HttpContext.User = null;
            }
        }
        base.OnAuthorization(filterContext);
}

问题是,当用户信息(尤其是权限)在数据库中发生更改时,它不会反映在视图中。我应该在每次通话时都更新它吗?这里有更聪明的方法,即其他有助于自动更新用户信息的方法?

当调用OnAuthorization方法时

OnAuth方法在进程请求授权时被调用。

你会在网上找到很多材料,在这里添加一些

http://blog.tomasjansson.com/securing-your-asp-net-mvc-3-applicationhttp://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/

http://patrickdesjardins.com/blog/make-all-actions-of-controller-securized-with-authorise-filter-implicit

相关文章: