开发者

Does MVC.NET handle roles through cookies?

开发者 https://www.devze.com 2022-12-24 15:08 出处：网络

Does MVC.NET handle Roles using cookies, or does a controller check with the Role Provider on each request?Consider this code:

相关专题：asp.net-mvc

Does MVC.NET handle Roles using cookies, or does a controller check with the Role Provider on each request? Consider this code:

[Authorize(Roles="CommentsModerator, SiteAdministrator")]
public ViewResult ApproveComment(int commentId) {
    // Implement me
}

Are roles set as a cookie when a user first lots on, or will the Authorize attribute check with the Role Provider for each call to th开发者_运维百科is action?

If it uses cookies, it'll be fast. However, it would be tricky to handle the case where a user is removed from a role unless they log out to delete the cookie.

The controller will check the role provider for each request.

You can override the default behavior with: http://msdn.microsoft.com/en-us/library/system.web.security.roles.cacherolesincookie.aspx