stackoom
  简体   繁体   中英

ASP.NET MVC AuthorizeAttribute passing values to ActionMethod?

 原文  2010-05-14 01:49:27       c#/ asp.net/ asp.net-mvc/ authorize-attribute/ actionmethod

Question

I'm only a newcomer to ASP.NET MVC and am not sure how to achieve a certain task the "right way".

Essentially, I store the logged in userId in HttpContext.User.Identity and have written an EnhancedAuthorizeAttribute to perform some custom authorization.

In the overriden OnAuthorization method, my domain model hits the database to ensure the current user id can access the passed in routeValue "BatchCode". The prototype is: 

ReviewGroup GetReviewGroupFromBatchCode(string batchCode);

It will return null if the user can't access the ReviewGroup and the OnAuthorization then denies access.

Now, I know the decorated action method will only get executed if OnAuthorization passes, but I don't want to hit the database a second time to get the ReviewGroup again.

I am thinking of storing the ReviewGroup in HttpContext.Items["reviewGroup"] and accessing this from the controller at the moment.

Is this a feasible solution, or am I on the wrong path?

Thanks!

3 answers

solution1
 1  2010-05-14 02:03:16

The HttpContext.Items is alive only for the duration of the request. If you want to persist it for a longer time, you should put it in

a) session - good

b) profile - dont see the advantage

c) cookie - not recommended

d) hit the database everytime - should be OK

Store it in filterContext.RouteData.DataTokens?

solution2
 1  2010-05-19 14:27:18

Alternatively, one of the best ways to avoid hitting the database, and easiest, is caching. Retrieve it, stick it in a cache. If it it's needed again it's already in memory and no DB hit is required. If not, then when the cache goes out of scope, so will the object.

solution3
 0  2010-05-14 02:56:59

Unless your doing a VERY big select from ReviewGroup or you have a enormous database, then a second database hit wouldn't be too much of an issue. Modern databases are very efficient at making selects, especially with properly indexed tables.

In my experience, this is the best way of doing authorisation and a similar method to how I authorized specific actions in my applications.

So in short, I wouldn't worry at all about the second database hit.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AuthorizeAttribute redirect in ASP.NET Core MVC 6 ASP.Net MVC: Can the AuthorizeAttribute be overriden? ASP.Net MVC Security AuthorizeAttribute AuthorizeAttribute and output caching in asp.net mvc 3 Redirecting user after completed ActionMethod in ASP.NET MVC How to pass model as a parameter to [HttpPost] ActionMethod in ASP.NET MVC? Use angular to post form to ASP.NET MVC ActionMethod Should this ASP.NET MVC ActionMethod have two views? asp.net MVC5 - Dependency Injection and AuthorizeAttribute ASP.NET MVC: Share data between AuthorizeAttribute and Controller
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM