我为此阅读了尽可能多的答案,但它们似乎缺少一个细节。
问题是当将 Action 过滤器(通过 Controller 注入(inject)的服务)绑定(bind)到相应的属性时,我无法弄清楚如何将参数/属性值从属性传递到其绑定(bind)过滤器。下面是代码,下面是我想要的假代码:
过滤器和属性
public class AuthorizationFilter : IAuthorizationFilter
{
private readonly IAuthorizationService _authorizationService;
private readonly UserRoles _requiredRoles; // Enum
public AuthorizationFilter(IAuthorizationService authorizationService, UserRoles requiredRoles)
{
_authorizationService = authorizationService;
_requiredRoles = requiredRoles;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Session == null)
HandleUnauthorizedRequest(filterContext);
else {
var authorized = _authorizationService.IsUserInRole((UserSessionInfoViewModel) filterContext.HttpContext.Session["user"], _requiredRoles);
if (!authorized)
HandleUnauthorizedRequest(filterContext);
// else TODO: deal with cache...
}
}
}
public class RequireRolesAttribute : FilterAttribute
{
public readonly UserRoles RequiredRoles;
public RequireRolesAttribute(UserRoles requiredRoles)
{
RequiredRoles = requiredRoles;
}
}
过滤器/属性绑定(bind)
kernel.BindFilter<AuthorizationFilter>(FilterScope.Controller, 0)
.WhenControllerHas<RequireRolesAttribute>();
kernel.BindFilter<AuthorizationFilter>(FilterScope.Action, 0)
.WhenActionMethodHas<RequireRolesAttribute>();
这应该确保任何用 [RolesRequired] 修饰的 Controller / Action 都绑定(bind)到过滤器。到现在为止还挺好。现在我想通过属性声明角色(很像股票 AuthorizeAttribute)并将这些值传递给实际执行授权的过滤器。
预期/假代码:
[RequireRoles(UserRoles.Author)]
public ActionResult Index()
{
// blah
}
具体来说,
通知 AuthorizationFilter 角色需要什么?过滤器/注入(inject)器可以访问传递给属性构造函数的参数吗?过滤器/注入(inject)器可以从属性公共(public)属性中提取它们吗?
作为引用,这些文章有很大帮助,但不要回答这一件事:
Dependency Injection with Ninject and Filter attribute for asp.net mvc
Custom Authorization MVC 3 and Ninject IoC
B Z、Remo Gloor、其他人……我怎样才能做到这一点?
最佳答案
并带上BindFilter
扩展方法进入范围不要忘记添加;
using Ninject.Web.Mvc.FilterBindingSyntax;
关于asp.net-mvc-3 - Ninject 绑定(bind)属性以使用构造函数参数进行过滤,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8305476/