How should I check if a user is authenticated in MVC5?

℡╲_俬逩灬. 提交于 2019-12-20 08:33:19

问题


I have seen the following two accessible booleans:

  • System.Web.Mvc.Controller.User.Identity.IsAuthenticated
  • System.Web.Mvc.Controller.Request.IsAuthenticated

Is there a difference between these. They both seem to do the same thing so I am not sure which to use.

What I would like to do is:

@if (User.Identity.IsAuthenticated) {
  if (User.IsInRole("Admin")) {
    @Html.ActionLink("Admin", "AdminController")        
  }
}

or

@if (Request.IsAuthenticated) {
  if (User.IsInRole("Admin")) {
    @Html.ActionLink("Admin", "AdminController")        
  }
}

Would either of the above work equally well ?


回答1:


There's no difference. The only difference is that if the user is not authenticated User.Identity might be null and thus you might get a NRE, whereas with the second approach, internally there's a check for this and is safer.

Here's how the Request.IsAuthenticated method is implemented:

public bool IsAuthenticated
{
    get
    {
        return this._context.User != null && 
               this._context.User.Identity != null &&
               this._context.User.Identity.IsAuthenticated;
    }
}

Basically it's a bit safer than the first one.




回答2:


The IsAuthenticated property to determine whether the current request has been authenticated. If it has not been authenticated, the request is redirected to another page where users can enter their credentials into the Web application. This is a common technique used in the default page for an application.

but when it comes to User.Identity.IsAuthenticated

The User property provides programmatic access to the properties and methods of the IPrincipal interface. Because ASP.NET pages contain a default reference to the System.Web namespace (which contains the HttpContext class), you can reference the members of HttpContext on an .aspx page without using the fully qualified class reference to HttpContext. For example, you can use User.Identity.Name to get the name of the user on whose behalf the current process is running. However, if you want to use the members of IPrincipal from an ASP.NET code-behind module, you must include a reference to the System.Web namespace in the module and a fully qualified reference to both the currently active request/response context and the class in System.Web that you want to use. For example, in a code-behind page you must specify the fully qualified name



来源:https://stackoverflow.com/questions/19087786/how-should-i-check-if-a-user-is-authenticated-in-mvc5

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!