asp.net MVC5 - Dependency Injection and AuthorizeAttribute

后端 未结 3 2037
情话喂你
情话喂你 2021-02-13 00:42

I searched a long time for a solution for my problem. I have a custom AuthorizeAttribute that needs a Dependency to a \"Service\" that has access to a DbContext. Sadly the Depe

相关标签:
3条回答
  • 2021-02-13 01:24

    I have a custom AuthorizeAttribute that needs a Dependency to a "Service" that has access to a DbContext. Sadly the Dependency Injection did not work in the custom AuthorizeAttribute and was always null.

    An implementation of IControllerFactory in the System.Web.Mvc namespace creates instances your Controllers for web requests. The Controller Factory uses System.Web.Mvc.DependencyResolver to resolve dependencies in each controller.

    However, ActionFilters/Attributes in the MVC pipeline are not created from the Controller Factory so dependencies are not resolved using System.Web.Mvc.DependencyResolver. This is why your dependency was always null.

    Now, System.Web.Mvc.DependencyResolver is public and static so you can access it yourself.

        public class AuthorizeService : AuthorizeAttribute
        {
            private UserService UserService
            {
                get
                {
                    return DependencyResolver.Current.GetService<UserService>();
                }
            }
    
            public bool AuthorizeCore(HttpContextBase httpContext, Privilege privilege)
            {
                ApplicationUser user = UserService.FindByName(httpContext.User.Identity.Name);
                return UserService.UserHasPrivilege(user.Id, privilege.ToString());
            }
        }
    

    Assuming your UserServicehas a dependency scope of WebRequest, i.e. its lifetime is One Per web request and tied to the lifetime of HttpContext of a web request this will not construct a new UserService if one has been resolved previously or after if this is the first time UserService has been resolved for the given web request.

    0 讨论(0)
  • 2021-02-13 01:26

    You can also try this:

    ASP.NET Web API and dependencies in request scope

    public override void OnAuthorization(HttpActionContext filterContext)
    {
        var requestScope = filterContext.Request.GetDependencyScope();
        _userService = requestScope.GetService(typeof(IUserService)) as IUserService;
    }
    
    //
    // Summary:
    //     Retrieves the System.Web.Http.Dependencies.IDependencyScope for the given request
    //     or null if not available.
    //
    // Parameters:
    //   request:
    //     The HTTP request.
    //
    // Returns:
    //     The System.Web.Http.Dependencies.IDependencyScope for the given request or null
    //     if not available.
    public static IDependencyScope GetDependencyScope(this HttpRequestMessage request);
    
    0 讨论(0)
  • 2021-02-13 01:37

    In ASP.NET Core you can request services easily as below:

    public class CustomAuthAttribute : AuthorizeAttribute, IAuthorizationFilter
    {
        public async void OnAuthorization(AuthorizationFilterContext context)
        {
            // var user = context.HttpContext.User;
    
            // if (!user.Identity.IsAuthenticated)
            // {
            //     context.Result = new UnauthorizedResult();
            //     return;
            // }
    
            var userService = context.HttpContext.RequestServices.GetService(typeof(UserService)) as UserService;
        }
    }
    
    0 讨论(0)
提交回复
热议问题