zoukankan      html  css  js  c++  java
  • ASP.NET MVC5 Authentication Filters执行链

    注意区分认证和授权:

    The following  are the differences in short:

    1. Authentication(认证): It is a process of verification that verifies “Who you are” (it confirms that you are a valid (or invalid) user).
    2. Authorization(授权): It is a process of verification that verifies “What to do” (It confirms you are permissible to do (or not to do) that).

    另外在mvc中的认证过滤器总是优先与授权过滤器 

    Authentication filters are applied prior to any Authorization filters.

    MVC中针对授权IAuthorizationFilter提供了默认实现,即AuthorizeAttribute,没有针对IAuthenticationFilter的默认实现。

    接口IAuthenticationFilter的OnAuthentication()方法可以用于执行任何需要的身份验证,而OnAuthenticationChallenge方法基于已验证用户的身份限制其访问。

     The OnAuthentication method is executed first and can be used to perform any needed authentication. The OnAuthenticationChallenge method is used to restrict access based upon the authenticated user's principal.

    //IAuthenticationFilter提供两个方法
    public void OnAuthentication(AuthenticationContext filterContext){}
    public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext){}
    
    //注意方法内,如果filterContext.Result进行了赋值(ActionResult),那么针对整个“AuthenticationFilter链”的执行将会立即中止,指定的这个ActionResult对象将用于响应当前请求。
    如果在执行过程中对AuthenticationContext.Principal属性进行了赋值(IPrincipal),该属性值将会作为当前HttpContext和当前线程的Principal

    AuthenticationFilter执行链图示

     

  • 相关阅读:
    计算机网络基础
    ansible
    CDH集群日常
    漏洞挖掘学习
    JDWP
    开源安全项目调研
    SMB漏洞汇总
    Windows账户LM/NTLM
    SMB知识汇总
    Memcache未授权漏洞
  • 原文地址:https://www.cnblogs.com/imust2008/p/5292151.html
Copyright © 2011-2022 走看看