AuthorizeCore方法如何工作？

My question is how does the AuthorizeCore method work?

我的问题是AuthorizeCore方法是如何工作的？

For example when I wanted to create custom Authorize attribute I found that a lot of programmers use this code

例如，当我想创建自定义Authorize属性时，我发现很多程序员都使用这个代码

var isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
  {
    return false;
  }

and then they write their own code.

然后他们编写自己的代码。

So what is the role that this piece of code plays, and does the method checks only for the windows users like the administrator and other created users in the computer management else if we customize it to be used in the form authentication.

那么这段代码扮演的角色是什么，并且该方法仅检查管理员和计算机管理中的其他创建用户等Windows用户，如果我们自定义它以在表单身份验证中使用。

Also I found this code but I do not understand why the developer stored the user in a cookie and session instead of the session only.

我也找到了这段代码，但我不明白为什么开发人员将用户存储在cookie和会话中而不是会话中。

In PHP I used to store the user in a session only and check if he exist in the session or not.

在PHP中，我曾经只在会话中存储用户，并检查他是否存在于会话中。

1 个解决方案

#1

It is open source, the code can be found here:

它是开源的，代码可以在这里找到：

https://github.com/ASP-NET-MVC/aspnetwebstack/blob/master/src/System.Web.Mvc/AuthorizeAttribute.cs

And here the specific method:

而这里的具体方法是：

    // This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method.
    protected virtual bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        IPrincipal user = httpContext.User;
        if (!user.Identity.IsAuthenticated)
        {
            return false;
        }

        if (_usersSplit.Length > 0 && !_usersSplit.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
        {
            return false;
        }

        if (_rolesSplit.Length > 0 && !_rolesSplit.Any(user.IsInRole))
        {
            return false;
        }

        return true;
    }

Hope that helps.

希望有所帮助。

#1