zoukankan      html  css  js  c++  java

  • ASP.NET MVC5 Authentication Filters执行链

    注意区分认证和授权:

    The following  are the differences in short:

    1. Authentication(认证): It is a process of verification that verifies “Who you are” (it confirms that you are a valid (or invalid) user).
    2. Authorization(授权): It is a process of verification that verifies “What to do” (It confirms you are permissible to do (or not to do) that).

    另外在mvc中的认证过滤器总是优先与授权过滤器 

    Authentication filters are applied prior to any Authorization filters.

    MVC中针对授权IAuthorizationFilter提供了默认实现,即AuthorizeAttribute,没有针对IAuthenticationFilter的默认实现。

    接口IAuthenticationFilter的OnAuthentication()方法可以用于执行任何需要的身份验证,而OnAuthenticationChallenge方法基于已验证用户的身份限制其访问。

     The OnAuthentication method is executed first and can be used to perform any needed authentication. The OnAuthenticationChallenge method is used to restrict access based upon the authenticated user's principal.

    //IAuthenticationFilter提供两个方法
public void OnAuthentication(AuthenticationContext filterContext){}
public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext){}

//注意方法内,如果filterContext.Result进行了赋值(ActionResult),那么针对整个“AuthenticationFilter链”的执行将会立即中止,指定的这个ActionResult对象将用于响应当前请求。
    如果在执行过程中对AuthenticationContext.Principal属性进行了赋值(IPrincipal),该属性值将会作为当前HttpContext和当前线程的Principal

    AuthenticationFilter执行链图示

     
  • 相关阅读:
    安装EPP的调试Zend Debugger
    PHP一周学习小结
    工作小记
    JQuery实现日期联动
    编程珠玑位图法排序
    Asp.net MVC 4 异步方法
    Powershell实现创建zip压缩文件
    使用JustDecompile修改程序集
    Asp.net MVC 3 异步操作
    HTAs文件应用
  • 原文地址:https://www.cnblogs.com/imust2008/p/5292151.html
Copyright © 2011-2022 走看看