zoukankan      html  css  js  c++  java
  • ASP.NET MVC5 Authentication Filters执行链

    注意区分认证和授权:

    The following  are the differences in short:

    1. Authentication(认证): It is a process of verification that verifies “Who you are” (it confirms that you are a valid (or invalid) user).
    2. Authorization(授权): It is a process of verification that verifies “What to do” (It confirms you are permissible to do (or not to do) that).

    另外在mvc中的认证过滤器总是优先与授权过滤器 

    Authentication filters are applied prior to any Authorization filters.

    MVC中针对授权IAuthorizationFilter提供了默认实现,即AuthorizeAttribute,没有针对IAuthenticationFilter的默认实现。

    接口IAuthenticationFilter的OnAuthentication()方法可以用于执行任何需要的身份验证,而OnAuthenticationChallenge方法基于已验证用户的身份限制其访问。

     The OnAuthentication method is executed first and can be used to perform any needed authentication. The OnAuthenticationChallenge method is used to restrict access based upon the authenticated user's principal.

    //IAuthenticationFilter提供两个方法
    public void OnAuthentication(AuthenticationContext filterContext){}
    public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext){}
    
    //注意方法内,如果filterContext.Result进行了赋值(ActionResult),那么针对整个“AuthenticationFilter链”的执行将会立即中止,指定的这个ActionResult对象将用于响应当前请求。
    如果在执行过程中对AuthenticationContext.Principal属性进行了赋值(IPrincipal),该属性值将会作为当前HttpContext和当前线程的Principal

    AuthenticationFilter执行链图示

     

  • 相关阅读:
    js 右击
    javascript 中的函数,控制流, 事件委托
    javascript 的 this , js 线程
    javascript 中的var : 隐含变量 全局变量 变量提升
    明日
    ajax循环json 中的 for(var prop in data) 与 hasProperty()
    js继承机制
    callee, caller,toString(),String()
    解决eclipse中jsp下无代码提示问题
    商业模式
  • 原文地址:https://www.cnblogs.com/imust2008/p/5292151.html
Copyright © 2011-2022 走看看