這是我Global.asax.cs
文件:當`PostAuthenticateRequest`得到執行時?
public class MvcApplication : System.Web.HttpApplication
{
public static void RegisterRoutes(RouteCollection routes)
{
...
}
protected void Application_Start()
{
this.PostAuthenticateRequest += new EventHandler(MvcApplication_PostAuthenticateRequest);
}
// This method never called by requests...
protected void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var identity = new GenericIdentity(authTicket.Name, "Forms");
var principal = new GenericPrincipal(identity, new string[] { });
Context.User = principal;
}
}
}
當PostAuthenticateRequest
得到執行?
你爲什麼要對所有控制器推薦應用過濾器,當它看起來乾淨多有在事件處理程序的單一位置的變化?收益是多少? – 2011-11-21 23:49:28
對於這個例子,它可能會更有意義,以取代var identity = new GenericIdentity(authTicket.Name,「Forms」); var identity = new FormsIdentity(authTicket); – 2012-03-28 02:39:47
@zespri PostAuthenticateRequest事件可能每頁調用多次。使用自定義授權屬性可確保您的代碼僅在每個請求中被調用一次。 – Mark 2012-03-29 00:41:35