C# HttpUnauthorizedResult派生类中未调用ExecuteSult方法
我需要用ASP.NET MVC 3实现摘要身份验证。为此,我继承了AuthorizeAttribute和HttpUnauthorizedResult。代码如下:C# HttpUnauthorizedResult派生类中未调用ExecuteSult方法,c#,asp.net,asp.net-mvc,asp.net-mvc-3,digest-authentication,C#,Asp.net,Asp.net Mvc,Asp.net Mvc 3,Digest Authentication,我需要用ASP.NET MVC 3实现摘要身份验证。为此,我继承了AuthorizeAttribute和HttpUnauthorizedResult。代码如下: [AttributeUsage ( AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true )] public class SessionAuthorize: AuthorizeAttribute { pub
[AttributeUsage ( AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true )]
public class SessionAuthorize: AuthorizeAttribute {
public override void OnAuthorization ( AuthorizationContext actionContext ) {
try {
if ( null != actionContext.HttpContext.Request.Headers["Authorization"] )
// authorization is on the way
// <...>
else
actionContext.Result = new HttpDigestUnauthorizedResult ();
} catch ( Exception ex ) {
Trace.TraceWarning ( "SessionAuthorize.OnAuthorization failed: {0}", ex.Message );
}
base.OnAuthorization ( actionContext );
}
}
public class HttpDigestUnauthorizedResult: HttpUnauthorizedResult {
public HttpDigestUnauthorizedResult () : base () {
}
public override void ExecuteResult ( ControllerContext context ) {
if ( context == null )
throw new ArgumentNullException ( "context" );
// this is supposed to initialize digest authentification exchange
context.HttpContext.Response.AddHeader ( "WWW-Authenticate", string.Format ( "Digest realm=\"somerealm\",qop=\"auth\",nonce=\"{0}\",opaque=\"{1}\""/*, <...>*/ ) );
base.ExecuteResult ( context );
}
}
public class DefaultController: Controller {
[SessionAuthorize]
public ViewResult Index () {
return View ();
}
}
所以它没有做任何特别的事情
但是,永远不会调用重写的
executesult
,只返回标准的401页。我错过了什么?应该从哪里调用执行器结果?正确的模式是:使用AuthorizeCore
(返回bool
)来判断当前请求是否被授权,并在HandleUnauthorizedRequest
方法中处理那些未经授权的请求。将所有内容都放在OnAuthorization
中是不正确的,因为根据,在某些情况下,调用OnCacheAuthorization
方法而不是OnAuthorization
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext.Request.Headers["Authorization"] == null)
{
return false;
}
return base.AuthorizeCore(httpContext);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new HttpDigestUnauthorizedResult();
}
正确的模式是:使用
AuthorizeCore
(返回bool
)判断当前请求是否已授权,并在HandleUnauthorizedRequest
方法中处理这些未经授权的请求。将所有内容都放在OnAuthorization
中是不正确的,因为根据,在某些情况下,调用OnCacheAuthorization
方法而不是OnAuthorization
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext.Request.Headers["Authorization"] == null)
{
return false;
}
return base.AuthorizeCore(httpContext);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new HttpDigestUnauthorizedResult();
}
谢谢,那正是问题所在。谢谢,那正是问题所在。