I am using an ASP.NET MVC 4 Web application as a front-end for some WCF services. All the user log in/log out and session control is done on the back-end. MVC app should only
Regarding your first requirement:
As you already found out, `OnAuthorization` takes care of a number of aspects, including e.g. caching.
If you are only interested in customizing the way in which user credentials are validated, I suggest you go for overriding `AuthorizeCore` instead. E.g.:
```csharp
using System.Web;
using System.Web.Mvc;

public class ClientCookieAuthorizeAttribute : AuthorizeAttribute
{
    // Called by OnAuthorization; return true to let the request through.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The indexer returns null when the request carries no such cookie.
        HttpCookie cookie = httpContext.Request.Cookies[_tokenCookieName];
        bool isAuthenticated = ValidateUserByCookie(cookie);
        return isAuthenticated;
    }

    private bool ValidateUserByCookie(HttpCookie cookie)
    {
        var result = false;
        // Perform validation
        // You could include httpContext as well, to check further information
        return result;
    }

    // A const is implicitly static; "static const" does not compile in C#.
    private const string _tokenCookieName = "myCookieName";
}
```
You might also want to take a look at these other threads:
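One way the "Perform validation" step could look, as an added example that is not part of the original answer. It assumes the back-end issues a token of the form `<userId>|<expiryUtcTicks>.<base64 HMAC-SHA256>`; that format, the demo key, and the names `SignedCookieAuthorizeAttribute`, `IsValidToken` and `FixedTimeEquals` are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;
// Assumed token format (not from the answer): "<userId>|<expiryUtcTicks>.<base64 HMAC-SHA256 of the text before the dot>"
public class SignedCookieAuthorizeAttribute : AuthorizeAttribute
{
    private const string TokenCookieName = "myCookieName";
    // Constructed demo key; real code loads the key shared with the issuing back-end from protected configuration.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        HttpCookie cookie = httpContext.Request.Cookies[TokenCookieName];
        return cookie != null && IsValidToken(cookie.Value, DateTime.UtcNow);
    }

    // Static and independent of per-request state, so it stays correct when
    // MVC calls AuthorizeCore again while validating cached output.
    public static bool IsValidToken(string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token) || token.Length > 512) return false;
        int dot = token.LastIndexOf('.');
        if (dot <= 0 || dot == token.Length - 1) return false;
        string payload = token.Substring(0, dot);
        byte[] sentMac;
        try { sentMac = Convert.FromBase64String(token.Substring(dot + 1)); }
        catch (FormatException) { return false; }
        byte[] expectedMac;
        using (var hmac = new HMACSHA256(Key))
            expectedMac = hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
        if (!FixedTimeEquals(sentMac, expectedMac)) return false;

        // Parse the payload only after the MAC has been verified.
        string[] fields = payload.Split('|');
        long expiryTicks;
        return fields.Length == 2 && fields[0].Length > 0
            && long.TryParse(fields[1], out expiryTicks) && nowUtc.Ticks < expiryTicks;
    }

    // Compares every byte regardless of where the first mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A missing, oversized, malformed, tampered or expired token all return `false`, which the base `AuthorizeAttribute` turns into an unauthorized result.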