2

MVC 3,忍者 2.2。

我有一个需要临时覆盖绑定的场景。覆盖仅适用于控制器中的操作的持续时间。

我需要的是这样的:

[HttpGet, Authorize(Users="MySpecialAccount")]
public ActionResult Report(string userName) {
  var reportViewModel = new ReportViewModel();

  using(var block = Kernel.BeginBlock() {
    var principal = //load principal info based on userName;
    block.Rebind<IMyPrincipal>().ToConstant(principal);
    reportViewModel = GetViewModel(); //calls bunch of repos to hydrate view model that reference IMyPrincipal
  }

  return View(reportViewModel);
}

背景:

该应用程序使用 Windows 身份验证。我有一个加载自定义主体的自定义提供程序。我们将这个自定义主体注入到我们的 repos/services/etc 中,并帮助我们根据经过身份验证的用户加载适当的数据。长期以来,这一切都很好。现在我有一个场景,我在一个动作中使用模拟。原因可能超出范围,但基本上我使用的是 HTMLToPDF 编写器,它启动一个单独的进程以在不同的帐户下加载 HTML/Action。无论如何,因为我在这一个动作中冒充,所以我的所有存储库都无法加载正确的信息,因为发出请求的不是用户,这是有道理的。所以我发送了一个我们需要为其运行报告的“谁”参数,并且我需要临时重新绑定自定义主体。

希望这是有道理的。以下是加载自定义主体的当前代码片段。

In Global.asax:
protected void WindowsAuthentication_OnAuthenticate(Object source, WindowsAuthenticationEventArgs e)
    {

        if (e.Identity.IsAuthenticated)
        {
            //goes to db and loads additional info about logged on user. We use this info in repos/services to load correct data for logged on user.
            var principal = new PrincipalFactory().GetPrincipal(e.Identity); 

            e.User = principal;
        }
    }


//Ninject Binding    
Bind<IMyPrincipal>().ToProvider(new MyPrincipalProvider());

//Provider
public class MyPrincipalProvider : Provider<IMyPrincipal>
{
    protected override IMyPrincipal CreateInstance(IContext context)
    {
        var principal = HttpContext.Current.User as IMyPrincipal;

        return principal ?? new UnauthenticatedPrincipal(new GenericIdentity("Not Authenticated"));
    }
}

谢谢你的帮助!

4

1 回答 1

2

想到的一种可能性是使用自定义授权属性:

public class ImpersonateAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var authorized = base.AuthorizeCore(httpContext);
        if (!authorized)
        {
            return false;
        }

        string username = httpContext.User.Identity.Name;

        // or if you wanted to load the username from the request:
        // string username = httpContext.Request["username"];

        IPrincipal principal = // load principal info based on username;

        // Swap the principal for this action
        httpContext.User = principal;

        return true;
    }
}

进而:

[HttpGet]
[ImpersonateAuthorize(Users="MySpecialAccount")]
public ActionResult Report(string userName) 
{
    // Here this.User will be the custom principal you loaded in 
    // the authorize attribute

    var reportViewModel = new ReportViewModel();

    return View(reportViewModel);
}

另一种方法是在您的 DI 框架配置级别执行此操作:

public class MyPrincipalProvider : Provider<IPrincipal>
{
    protected override IPrincipal CreateInstance(IContext context)
    {
        var httpContext = HttpContext.Current;
        var rd = httpContext.Request.RequestContext.RouteData;
        var currentAction = rd.GetRequiredString("action");
        var currentController = rd.GetRequiredString("controller");
        if (string.Equals("report", currentAction, StringComparison.OrdinalIgnoreCase) &&
            string.Equals("users", currentController, StringComparison.OrdinalIgnoreCase))
        {
            IPrincipal principal = // load principal info based on username;
            return principal;
        }

        var principal = httpContext.User as IPrincipal;
        return principal ?? new UnauthenticatedPrincipal(new GenericIdentity("Not Authenticated"));
    }
}
于 2012-08-24T05:59:11.780 回答