AuthorizeAttribute要求您重写OnAuthorization方法,而IAuthorizationFilter要求您实现OnAuthorization方法。在我看来,是一样的事情,还有其他区别吗?为什么一个要比另一个要用?

编辑:
为澄清起见,我试图了解以下两段代码之间的区别。

public class PasswordExpirationCheckAttribute : AuthorizeAttribute
{
    private int _maxPasswordAgeInDays;

    public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
    {
        _maxPasswordAgeInDays = maxPasswordAgeInDays;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
        {
            IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
            if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
            {
                var userStore = new ApplicationUserStore(new IdentityDb());
                var userManager = new ApplicationUserManager(userStore);
                var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;

                if (user != null)
                {
                    var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
                    if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
                    {
                        HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
                        RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
                        UrlHelper urlHelper = new UrlHelper(requestContext);

                        filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
                    }
                }
            }
        }            

        base.OnAuthorization(filterContext);
    }
}

和...
public class PasswordExpirationCheckAttribute : IAuthorizationFilter
{
    private int _maxPasswordAgeInDays;

    public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
    {
        _maxPasswordAgeInDays = maxPasswordAgeInDays;
    }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
        {
            IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
            if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
            {
                var userStore = new ApplicationUserStore(new IdentityDb());
                var userManager = new ApplicationUserManager(userStore);
                var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;

                if (user != null)
                {
                    var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
                    if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
                    {
                        HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
                        RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
                        UrlHelper urlHelper = new UrlHelper(requestContext);

                        filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
                    }
                }
            }
        }            

        return;
    }
}

最佳答案

IAuthorizationFilter只是一个接口(interface)。它什么也没做。如果要使用它,则必须实现自己的授权属性,该属性从头开始实现该接口(interface)。

另一方面,AuthorizeAttribute开箱即用。它实现了IAuthorizationFilter并已经满足了开发人员的共同需求。如果您想扩展它的功能,它仍然允许您重写OnAuthorization方法,但是您不必这样做,因为如果不这样做,它就可以正常工作。

关于asp.net-mvc-5 - 使用AuthorizeAttribute或IAuthorizationFilter有什么区别?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/27021506/

10-17 01:45