开发者

Custom Authentication asp.net MVC

开发者 https://www.devze.com 2022-12-10 13:28 出处:网络
At what point should I be checking for my cookie in my mvc app? Basically what I wish to do for each request is check to see if there is a cookie and if so show their name on the screen somewhere if n

At what point should I be checking for my cookie in my mvc app? Basically what I wish to do for each request is check to see if there is a cookie and if so show their name on the screen somewhere if not and the page requires the user to be logged in redirect them to a login page.

I DON'T want to use FormsAuthentication as I wish to create and use my own IPrinciple object I 'm just not sure whether I should be setting t开发者_运维知识库hese in a base controller class or creating my own Authorize attribute and doing the checks in there.

My initial thoughts are that I should be doing this in the base controller class as this is similar to the base page in webforms where I override oninit.


Do not attempt to do authentication in a base controller class. In a situation where an action result is cached, your action will not run at all, and no controller will ever be instantiated. Therefore, authentication done inside the controller is broken by design.

The correct way to customize authentication, for many reasons, is to create a custom authentication provider. I've explained the reasons why and given links to simple examples of how to do this in the post linked above.

In short, using this method:

  • Has the right level of modularity
  • Works with caching
  • Works with regular ASP.NET, as well as with MVC
0

精彩评论

暂无评论...
验证码 换一张
取 消