C# HttpUnauthorizedResult派生类中未调用ExecuteSult方法_C#_Asp.net_Asp.net Mvc_Asp.net Mvc 3_Digest Authentication

C# HttpUnauthorizedResult派生类中未调用ExecuteSult方法

c# asp.net asp.net-mvc asp.net-mvc-3

C# HttpUnauthorizedResult派生类中未调用ExecuteSult方法,c#,asp.net,asp.net-mvc,asp.net-mvc-3,digest-authentication,C#,Asp.net,Asp.net Mvc,Asp.net Mvc 3,Digest Authentication,我需要用ASP.NET MVC 3实现摘要身份验证。为此，我继承了AuthorizeAttribute和HttpUnauthorizedResult。代码如下： [AttributeUsage ( AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true )] public class SessionAuthorize: AuthorizeAttribute { pub

我需要用ASP.NET MVC 3实现摘要身份验证。为此，我继承了AuthorizeAttribute和HttpUnauthorizedResult。代码如下：

[AttributeUsage ( AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true )]
public class SessionAuthorize: AuthorizeAttribute {
    public override void OnAuthorization ( AuthorizationContext actionContext ) {
        try {
            if ( null != actionContext.HttpContext.Request.Headers["Authorization"] )
                // authorization is on the way
                // <...>
            else
                actionContext.Result = new HttpDigestUnauthorizedResult ();
        } catch ( Exception ex ) {
            Trace.TraceWarning ( "SessionAuthorize.OnAuthorization failed: {0}", ex.Message );
        }
        base.OnAuthorization ( actionContext );
    }
}

public class HttpDigestUnauthorizedResult: HttpUnauthorizedResult {
    public HttpDigestUnauthorizedResult () : base () {
    }
    public override void ExecuteResult ( ControllerContext context ) {
        if ( context == null )
            throw new ArgumentNullException ( "context" );
        // this is supposed to initialize digest authentification exchange
        context.HttpContext.Response.AddHeader ( "WWW-Authenticate", string.Format ( "Digest realm=\"somerealm\",qop=\"auth\",nonce=\"{0}\",opaque=\"{1}\""/*, <...>*/ ) );
        base.ExecuteResult ( context );
    }
}

public class DefaultController: Controller {
    [SessionAuthorize]
    public ViewResult Index () {
        return View ();
    }
}

所以它没有做任何特别的事情

但是，永远不会调用重写的

executesult

，只返回标准的401页。我错过了什么？应该从哪里调用执行器结果？

正确的模式是：使用

AuthorizeCore

（返回

bool

）来判断当前请求是否被授权，并在

HandleUnauthorizedRequest

方法中处理那些未经授权的请求。将所有内容都放在

OnAuthorization

中是不正确的，因为根据，在某些情况下，调用

OnCacheAuthorization

方法而不是

OnAuthorization

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext.Request.Headers["Authorization"] == null)
    {
        return false;
    }

    return base.AuthorizeCore(httpContext);
}

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    filterContext.Result = new HttpDigestUnauthorizedResult();
}

正确的模式是：使用

AuthorizeCore

（返回

bool

）判断当前请求是否已授权，并在

HandleUnauthorizedRequest

方法中处理这些未经授权的请求。将所有内容都放在

OnAuthorization

中是不正确的，因为根据，在某些情况下，调用

OnCacheAuthorization

方法而不是

OnAuthorization

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext.Request.Headers["Authorization"] == null)
    {
        return false;
    }

    return base.AuthorizeCore(httpContext);
}

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    filterContext.Result = new HttpDigestUnauthorizedResult();
}

谢谢，那正是问题所在。谢谢，那正是问题所在。