Asp.net mvc 5 使用AuthorizationAttribute或IAAuthorizationFilter有什么区别?
AuthorizeAttribute要求您重写OnAuthorization方法,而IAAuthorizationFilter要求您实现OnAuthorization方法。对我来说似乎是一样的,还有其他区别吗?为什么一个会被用在另一个上面 编辑: 为了澄清,我试图理解以下两段代码之间的区别Asp.net mvc 5 使用AuthorizationAttribute或IAAuthorizationFilter有什么区别?,asp.net-mvc-5,authorize-attribute,iauthorizationfilter,Asp.net Mvc 5,Authorize Attribute,Iauthorizationfilter,AuthorizeAttribute要求您重写OnAuthorization方法,而IAAuthorizationFilter要求您实现OnAuthorization方法。对我来说似乎是一样的,还有其他区别吗?为什么一个会被用在另一个上面 编辑: 为了澄清,我试图理解以下两段代码之间的区别 public class PasswordExpirationCheckAttribute : AuthorizeAttribute { private int _maxPasswordAgeInDa
public class PasswordExpirationCheckAttribute : AuthorizeAttribute
{
private int _maxPasswordAgeInDays;
public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
{
_maxPasswordAgeInDays = maxPasswordAgeInDays;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
{
IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
{
var userStore = new ApplicationUserStore(new IdentityDb());
var userManager = new ApplicationUserManager(userStore);
var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;
if (user != null)
{
var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
{
HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
UrlHelper urlHelper = new UrlHelper(requestContext);
filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
}
}
}
}
base.OnAuthorization(filterContext);
}
}
而且
public class PasswordExpirationCheckAttribute : IAuthorizationFilter
{
private int _maxPasswordAgeInDays;
public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
{
_maxPasswordAgeInDays = maxPasswordAgeInDays;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
{
IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
{
var userStore = new ApplicationUserStore(new IdentityDb());
var userManager = new ApplicationUserManager(userStore);
var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;
if (user != null)
{
var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
{
HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
UrlHelper urlHelper = new UrlHelper(requestContext);
filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
}
}
}
}
return;
}
}
IAuthorizationFilter
只是一个接口。它什么也不做。如果您想使用它,您必须实现自己的授权属性,该属性从头开始实现该接口
另一方面,
AuthorizeAttribute
则是开箱即用的。它实现了IAuthorizationFilter
,并且已经满足了开发人员的共同需求。如果您想扩展其功能,它仍然允许您覆盖OnAuthorization
方法,但您不必这样做,因为如果您注意到authorizationattribute
实现iaauthorizationfilter
,它就可以正常工作。。一个是接口,另一个是类。@谢谢您的回复。我知道一个是接口,另一个是类(尽管我忽略了AuthrozieAttribute实现了该接口)。我的问题更多的是关于操作过滤器的实现。谢谢你的回答。你能详细解释一下“开箱即用”是什么意思吗?如果我创建一个IAuthorizationFilter并通过FilterConfig.RegisterGlobalFilters注册它,它仍然会在每个操作上被调用,而无需执行任何其他操作。我对问题进行了编辑,添加了一些代码片段。在您的示例中,您正在创建一个全新的授权过滤器,因此我将使用该界面。在您的案例中,使用AuthorizeAttribute作为基类并不会真正获得任何好处。AuthorizeAttribute()允许您基于用户/角色限制访问,而无需创建自己的授权筛选器(这就是我所说的开箱即用)啊哈好的,现在有意义了,这就是我假设您的意思,但希望确保的。谢谢你的帮助。