授权操作过滤器和授权过滤器之间有什么区别?

[英]What is the difference between Authorize Action filter and Authorization filter?


As per the ASP.NET website

根据ASP.NET网站

The ASP.NET MVC framework includes several action filters:

ASP.NET MVC框架包括几个动作过滤器:

  1. OutputCache – This action filter caches the output of a controller action for a specified amount of time.
  2. OutputCache - 此操作过滤器将控制器操作的输出缓存指定的时间量。
  3. HandleError – This action filter handles errors raised when a controller action executes.
  4. HandleError - 此操作过滤器处理控制器操作执行时引发的错误。
  5. Authorize – This action filter enables you to restrict access to a particular user or role.
  6. 授权 - 此操作筛选器允许您限制对特定用户或角色的访问。

Also, there is a type of filter in MVC called "Authorization filter".

此外,MVC中有一种称为“授权过滤器”的过滤器。

I am confused whether [Authorize] attribute is an Action filter or Authorization filter? And when will it be executed ?

我很困惑[Authorize]属性是Action过滤器还是Authorization过滤器?什么时候会执行?

2 个解决方案

#1


5  

What is the difference between Authorize Action filter and Authorization filter?

授权操作过滤器和授权过滤器之间有什么区别?

None.

没有。

That documentation is apparently incorrect (and if you note in the table of contents, it is for version 1 and 2 of MVC, so it is also out of date).

该文档显然是不正确的(如果您在目录中注明,它是针对MVC的版本1和2,那么它也是过时的)。

AuthorizeAttribute inherits IAuthorizationFilter, so it is in fact an authorization filter, not an action filter. There is no Authorization action filter in MVC.

AuthorizeAttribute继承了IAuthorizationFilter,因此它实际上是一个授权过滤器,而不是一个动作过滤器。 MVC中没有授权操作过滤器。

Note that for MVC 3 to MVC 5 you should refer to the up-to-date Filtering in ASP.NET MVC documentation in the future.

请注意,对于MVC 3到MVC 5,您应该在将来参考ASP.NET MVC文档中的最新过滤。

And when will it be executed ?

什么时候会执行?

As per MSDN:

根据MSDN:

Filters run in the following order:

过滤器按以下顺序运行:

  1. Authorization filters
  2. 授权过滤器
  3. Action filters
  4. 动作过滤器
  5. Response filters
  6. 响应过滤器
  7. Exception filters
  8. 异常过滤器

#2


2  

I am confused whether [Authorize] attribute is an Action filter or Authorization filter?

我很困惑[Authorize]属性是Action过滤器还是Authorization过滤器?

The [Authorize] attribute is an Authorization filter, as can be seen by looking at it's source code. If you look closely, it implements the IAuthorizationFilter interface and according to the documentation, that classifies it as an Authorization filter.

[Authorize]属性是一个授权过滤器,通过查看它的源代码可以看出。如果仔细观察,它会实现IAuthorizationFilter接口,并根据文档将其归类为授权过滤器。

namespace System.Web.Mvc
{
    //
    // Summary:
    //     Specifies that access to a controller or action method is restricted to users
    //     who meet the authorization requirement.
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
    public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
.........

When is it executed?

什么时候执行?

As per the documentation:

根据文件:

Filters are executed in the order listed above. For example, authorization filters are always executed before action filters and exception filters are always executed after every other type of filter.

过滤器按上面列出的顺序执行。例如,在操作过滤器和异常过滤器总是在每种其他类型的过滤器之后执行之前,始终执行授权过滤器。

Have a look at the current documentation for filtering in MVC: https://msdn.microsoft.com/en-us/library/gg416513(VS.98).aspx

看一下MVC过滤的当前文档:https://msdn.microsoft.com/en-us/library/gg416513(VS.98).aspx

It clearly states that the [Authorize] attribute is an Authorization filter:

它明确指出[Authorize]属性是授权过滤器:

The AuthorizeAttribute class and the RequireHttpsAttribute class are examples of an authorization filter. Authorization filters run before any other filter.

AuthorizeAttribute类和RequireHttpsAttribute类是授权过滤器的示例。授权过滤器在任何其他过滤器之前运行。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:http://www.itdaan.com/blog/2016/06/25/d44123e092a8f02c8929c80e94d5d35b.html



 
© 2014-2018 ITdaan.com 粤ICP备14056181号