Is the [Authorize] attribute for ASP.NET MVC controllers only for Membership Providers?

蓝咒 提交于 2019-12-06 00:58:56

问题


Does the [Authorize] attribute used with ASP.NET MVC controllers only function with sites that have implemented a MembershipProvider?


回答1:


Short answer is no. It just checks that there is a IPrincipal, how that gets there is up to you.

I have my own login logic that I use instead of the Membership provider, once I've authenticated a user I just call the FormsAuthentication.SetAuthCookie method. Once you've done that you can then use the [Authenticate] attribute.




回答2:


The [Authorize] attribute is an action filter. It's going to grab the IPrincipal and check if the user is authenticated or if you specify roles and/or users in with the attribute, it will match against those.

There are many ways that a web request can be authenticated. Everything from Open ID to Windows Authentication. Check out this question for an OpenID example and more links to implementing authentication that way: StackOverflow Question 961468




回答3:


I'm pretty sure it does yes. I imagine you could role your own and implement a similar way of doing authentication/authorization.



来源:https://stackoverflow.com/questions/979039/is-the-authorize-attribute-for-asp-net-mvc-controllers-only-for-membership-pro

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!