我应该如何检查用户是否在 MVC5 中通过了身份验证?
[英]How should I check if a user is authenticated in MVC5?
问题描述
I have seen the following two accessible booleans:
我见过以下两个可访问的布尔值:
-
System.Web.Mvc.Controller.User.Identity.IsAuthenticated -
System.Web.Mvc.Controller.Request.IsAuthenticated
Is there a difference between these.这些有区别吗。 They both seem to do the same thing so I am not sure which to use.他们似乎都在做同样的事情,所以我不确定要使用哪个。
What I would like to do is:我想做的是:
@if (User.Identity.IsAuthenticated) {
if (User.IsInRole("Admin")) {
@Html.ActionLink("Admin", "AdminController")
}
}
or或
@if (Request.IsAuthenticated) {
if (User.IsInRole("Admin")) {
@Html.ActionLink("Admin", "AdminController")
}
}
Would either of the above work equally well ?以上任何一项都同样有效吗?
3 个解决方案
解决方案1
71 已采纳 2013-09-30 06:36:48
There's no difference.没有区别。 The only difference is that if the user is not authenticated User.Identity might be null and thus you might get a NRE, whereas with the second approach, internally there's a check for this and is safer.唯一的区别是,如果用户未经身份验证User.Identity可能为空,因此您可能会获得 NRE,而使用第二种方法,内部会对此进行检查并且更安全。
Here's how the Request.IsAuthenticated method is implemented:以下是Request.IsAuthenticated方法的实现方式:
public bool IsAuthenticated
{
get
{
return this._context.User != null &&
this._context.User.Identity != null &&
this._context.User.Identity.IsAuthenticated;
}
}
Basically it's a bit safer than the first one.基本上它比第一个更安全。
解决方案2
3 2013-09-30 06:39:22
The IsAuthenticated property to determine whether the current request has been authenticated. IsAuthenticated 属性用于确定当前请求是否已通过身份验证。 If it has not been authenticated, the request is redirected to another page where users can enter their credentials into the Web application.如果尚未通过身份验证,则请求将重定向到另一个页面,用户可以在该页面将其凭据输入到 Web 应用程序中。 This is a common technique used in the default page for an application.这是应用程序默认页面中常用的技术。
but when it comes to User.Identity.IsAuthenticated但是当涉及到 User.Identity.IsAuthenticated
The User property provides programmatic access to the properties and methods of the IPrincipal interface. User 属性提供对 IPrincipal 接口的属性和方法的编程访问。 Because ASP.NET pages contain a default reference to the System.Web namespace (which contains the HttpContext class), you can reference the members of HttpContext on an .aspx page without using the fully qualified class reference to HttpContext.由于 ASP.NET 页面包含对 System.Web 命名空间(其中包含 HttpContext 类)的默认引用,因此您可以在 .aspx 页面上引用 HttpContext 的成员,而无需使用对 HttpContext 的完全限定类引用。 For example, you can use User.Identity.Name to get the name of the user on whose behalf the current process is running.例如,您可以使用User.Identity.Name来获取代表当前进程正在运行的用户的名称。 However, if you want to use the members of IPrincipal from an ASP.NET code-behind module, you must include a reference to the System.Web namespace in the module and a fully qualified reference to both the currently active request/response context and the class in System.Web that you want to use.但是,如果要使用来自 ASP.NET 代码隐藏模块的 IPrincipal 成员,则必须在模块中包含对 System.Web 命名空间的引用以及对当前活动请求/响应上下文和您要使用的 System.Web 中的类。 For example, in a code-behind page you must specify the fully qualified name例如,在代码隐藏页面中,您必须指定完全限定名称
解决方案3
1 2020-05-13 12:47:38
Based On Darin Dimitrov's Answer, You can shorten the code and use in place:根据 Darin Dimitrov 的回答,您可以缩短代码并就地使用:
if( User?.Identity != null && User.Identity.IsAuthenticated )
{
//Code Goes Here!
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.