2

我创建了一个自定义 Authorize 属性来通过远程 Web API 授权用户。授权后,我收到一个带有令牌的对象,该令牌在特定时间有效并用于访问更多信息,并且我还获得了一些基本的用户数据,如姓名、姓氏、角色等......我存储在 Session 中。

一切正常,但是当我尝试使用输出缓存时,我在授权核心方法中访问的会话为空,并且应用程序在那里崩溃。

如何解决这个问题,或者作为最后手段避免这个问题的替代方法?

授权属性

public class AuthorizeUser : AuthorizeAttribute
{
    private class Http401Result : ActionResult
    {
        public override void ExecuteResult(ControllerContext context)
        {
            // Set the response code to 401.
            context.HttpContext.Response.StatusCode = 401;
            context.HttpContext.Response.Write("Session expired, please log in again.");
            context.HttpContext.Response.End();
        }
    }


    private readonly string[] users;
    public AuthorizeUser(params string[] usrs)
    {
        this.users= usrs;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool auth = false;

        var loggedInUser= httpContext.Session["LoggedInUser"] as User;

        if (loggedInUser != null)
            auth = true;

        return auth;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
            filterContext.Result = new Http401Result();
        else
            filterContext.Result = new RedirectToRouteResult
            (
                new RouteValueDictionary
                    (
                        new
                        {
                            controller = "Account",
                            action = "Login",
                        }
                    )
            );
    }
}

控制器设置

[AuthorizeUser]
public class SomeController : Controller
{
        [HttpPost]
        [OutputCache(VaryByParam ="Year", Duration = 3600)]
        public async Task<JsonResult> SomeAction(int Year){ ... }
}
4

0 回答 0