I have some code that I am putting in the code-behind of a master page. This master page is my main layout and the purpose of the code is to check whether the user is logged in and take the appropriate action depending on whether they are or not. I would be interested in hearing alternate methods on how to approach this, but I am doing it this way for now as it is a direct port from another MVC framework, and I want to alter as little code or flow as possible during the port.
My real question is, how do I determine the name of the current controller, action, and view that are being executed? Some of the logic in the code-behind depends on knowing the current page name. To be specific, it says (pseudocode):
    if (!isLoggedIn && !isLoginPage)
        Redirect(loginPage);
So, I need to know whether I am on the login page already to avoid an infinite redirect loop. I am currently achieving this by examining the Url to see if it contains the string /Login/, but this is hacky and I would rather use a more robust and intelligent method.
3 solutions
#1
2
Take a look at the Authorization attribute for controllers and controller actions. It should save you from doing anything in the code-behind of the master page.
#2
4
The best check for whether a user is logged in (assuming you're using FormsAuth) is User.Identity.IsAuthenticated which is reachable from Views or Controller.
Sounds to me like you need to plug in Forms auth here - it handles everything for you, including redirects. In your web.config, make sure this is added:
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login"/>
    </authentication>
This tells your app you're using forms auth. Next, use an ActionFilter on the methods you wish to lock down:
    /// <summary>
    /// Default view
    /// </summary>
    /// <returns></returns>
    [Authorize(Roles="Administrator")]
    public ActionResult Index()
    {
        return View();
    }
This will work with forms auth to make sure the user's identified. It will also append, automatically, the current URL as a Redirect and will ignore the login view - all of it's automatic and done for you.
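As an added example (not code from the question or from any of the answers), the check the question describes can be written as an authorization filter that reads the controller and action names from route data instead of matching the URL string. It assumes ASP.NET MVC with Forms authentication configured as in the web.config snippet above; `LoginRequiredAttribute`, `SecureController` and the two sample controllers are hypothetical names.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical filter name; AuthorizeAttribute and RouteData are framework types.
public class LoginRequiredAttribute : AuthorizeAttribute
{
    // Assumed to match loginUrl="~/Account/Login" in web.config.
    private const string LoginController = "Account";
    private const string LoginAction = "Login";

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        // Route values name the controller and action that routing selected,
        // so the test does not depend on how the URL happens to be spelled.
        RouteData route = filterContext.RouteData;
        string controller = route.GetRequiredString("controller");
        string action = route.GetRequiredString("action");

        bool isLoginPage =
            string.Equals(controller, LoginController, StringComparison.OrdinalIgnoreCase) &&
            string.Equals(action, LoginAction, StringComparison.OrdinalIgnoreCase);

        // Exempt only the login action; this is what prevents the redirect loop.
        if (isLoginPage) return;

        // For anonymous users the base class sets a 401 result, which Forms
        // authentication turns into a redirect to loginUrl.
        base.OnAuthorization(filterContext);
    }
}

// Hypothetical base class: controllers that inherit it are protected by default.
[LoginRequired]
public abstract class SecureController : Controller { }

public class AccountController : SecureController
{
    public ActionResult Login() { return View(); }   // reachable anonymously
}

public class HomeController : SecureController
{
    public ActionResult Index() { return View(); }   // requires a logged-in user
}
```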
#3
1
Note there are a number of ways of passing data to master pages outlined here.