I need to create a website with non-standard authorization logic (or rather, not exactly a site: it should be a separate Area in an existing ASP.NET MVC3 application). Access to most of the pages should be available only to authorized users. Authorization is carried out on the token passed in the link. After the user arrives at this area, the token should be checked, and if it's valid the site will create a session key for 30 minutes (we already have our own mechanisms of session management, and they should be used).
Workflow example:

1. A third-party website generates a link for the user, e.g. https://example.com/securedPage/?accountId=123456&token=XXXXX
2. Our site checks this token (it depends on the page from the URL, in this case https://example.com/securedPage/).
3. If the token is valid, example.com obtains a session key for the user and stores it in cookies.
4. Then the user continues browsing the whole website and only the session is checked.
I’m new to the MVC framework, so I’d like to ask several questions about architecture. What is an appropriate place for this logic? ActionInvoker, Global.asax, etc.? Currently I'm trying to create my own ActionInvoker and keep this logic there, but I'm afraid that it could be the wrong way.
If I understand correctly, you want to extend the Action of the controller to inject/check your token.
I think the global action filters should help you.
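
One way to apply the global-filter suggestion to the workflow in the question, as an added example that is not part of the original thread. It uses an authorization filter (`IAuthorizationFilter`), which MVC runs before action filters; `ITokenValidator`, `ISessionService`, the cookie name and the area name are hypothetical stand-ins for the site's own token check and session mechanism.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical stand-ins for the site's existing token check and session store.
public interface ITokenValidator { bool IsValid(string accountId, string token, string path); }
public interface ISessionService
{
    bool IsActive(string sessionKey);
    string Create(string accountId, TimeSpan lifetime);
}

public class TokenSessionFilter : IAuthorizationFilter
{
    private const string CookieName = "SecuredAreaSession"; // assumed cookie name
    private const string AreaName = "Secured";               // assumed area name
    private readonly ITokenValidator _tokens;
    private readonly ISessionService _sessions;

    public TokenSessionFilter(ITokenValidator tokens, ISessionService sessions)
    { _tokens = tokens; _sessions = sessions; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Only guard the protected area; leave the rest of the application alone.
        var area = filterContext.RouteData.DataTokens["area"] as string;
        if (!string.Equals(area, AreaName, StringComparison.OrdinalIgnoreCase)) return;

        // An existing, still-valid session cookie is enough on later requests.
        var request = filterContext.HttpContext.Request;
        var cookie = request.Cookies[CookieName];
        if (cookie != null && _sessions.IsActive(cookie.Value)) return;

        // No session yet: the link must carry a token valid for this page.
        var accountId = request.QueryString["accountId"];
        var token = request.QueryString["token"];
        if (string.IsNullOrEmpty(accountId) || string.IsNullOrEmpty(token)
            || !_tokens.IsValid(accountId, token, request.Url.AbsolutePath))
        {
            filterContext.Result = new HttpUnauthorizedResult();
            return;
        }

        var key = _sessions.Create(accountId, TimeSpan.FromMinutes(30));
        filterContext.HttpContext.Response.Cookies.Add(
            new HttpCookie(CookieName, key) { HttpOnly = true, Secure = true });
        // Redirect to the same path without the query string so the token does
        // not stay in the address bar, browser history or Referer headers.
        filterContext.Result = new RedirectResult(request.Url.AbsolutePath);
    }
}
```

Register the filter once in `Application_Start` with `GlobalFilters.Filters.Add(new TokenSessionFilter(validator, sessions))`, so every controller in the area is covered without per-action attributes.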