My question: how does the AuthorizeCore method work?
For example, when I wanted to create a custom authorize attribute, I found that a lot of programmers use this code:

    var isAuthorized = base.AuthorizeCore(httpContext);
    if (!isAuthorized)
    {
        return false;
    }

and then write their own code.
So what role does this piece of code play? Does the method check Windows users, such as the administrator and other users created in Computer Management, or, if customized, is it used with forms authentication?
I also found code where I do not understand why the developer stored the user in a cookie and the session instead of in the session only.
In PHP I used to store the user in the session and check whether it exists in the session or not.
It is open source; the code can be found here:
https://github.com/asp-net-mvc/aspnetwebstack/blob/master/src/system.web.mvc/authorizeattribute.cs
And here is the specific method:

    // This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method.
    protected virtual bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        IPrincipal user = httpContext.User;
        if (!user.Identity.IsAuthenticated)
        {
            return false;
        }

        if (_usersSplit.Length > 0 && !_usersSplit.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
        {
            return false;
        }

        if (_rolesSplit.Length > 0 && !_rolesSplit.Any(user.IsInRole))
        {
            return false;
        }

        return true;
    }

Hope this helps.
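
The pattern from the question, as an added example that is not part of the original post or of the ASP.NET source: a custom attribute that lets base.AuthorizeCore run the stock checks against HttpContext.User (the principal set by whichever authentication is configured, Windows or forms) and only then applies its own rule. DepartmentAuthorizeAttribute, the Department property and the "Dept:" role prefix are hypothetical names chosen for illustration.

```csharp
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute (added example): requires an extra role on top of
// the stock Users/Roles checks performed by AuthorizeAttribute.
public sealed class DepartmentAuthorizeAttribute : AuthorizeAttribute
{
    // Set once where the attribute is declared, never written per request,
    // so AuthorizeCore stays thread-safe as the base class requires.
    public string Department { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Stock checks first: authenticated, then Users and Roles if set.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // Fail closed when the attribute was declared without a department.
        if (string.IsNullOrEmpty(Department))
        {
            return false;
        }

        // Same IPrincipal the base method just inspected.
        IPrincipal user = httpContext.User;
        return user.IsInRole("Dept:" + Department); // "Dept:" prefix is an assumption
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user who fails the check gets 403 instead of the
        // default 401, which forms authentication turns into a login redirect.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applied as `[DepartmentAuthorize(Department = "Finance")]` on a controller or action, it denies anonymous users through the base check and denies authenticated users who lack the extra role.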