Authentication and authorization in ASP.NET

1. Authorization is something I have used: it decides whether a caller has permission to access a Web API.

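Among the modules of the default pipeline model, there are 3 authentication modules and 2 authorization modules.

Let's see what the source code looks like... (to be continued)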

As for authorization, in Web API we use Basic authorization:

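    using System.Web.Http;   // Web API's AuthorizeAttribute lives in this namespace
    public class BasicAuthorize : AuthorizeAttribute
    {
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            // ... (the rest of the method is not shown)
        }
    }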

In MVC it is:

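    using System;
    using System.Web.Mvc;   // MVC's AuthorizeAttribute lives in this namespace

    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true)]
    public class AuthorityFilterAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// URL to return to when the user is not logged in
        /// </summary>
        private string _LoginPath = "";
        public AuthorityFilterAttribute()
        {
            this._LoginPath = "/Fourth/Login";
        }

        public AuthorityFilterAttribute(string loginPath)
        {
            this._LoginPath = loginPath;
        }
        /// <summary>
        /// Check whether the user is logged in
        /// </summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // ... (the rest of the method is not shown)
        }
    }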

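The two Authorization attributes have the same name, and even many of the same methods and fields, yet they are different things: the Web API one is System.Web.Http.AuthorizeAttribute and the MVC one is System.Web.Mvc.AuthorizeAttribute.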
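A fuller version of the Web API `BasicAuthorize` attribute, as an added example that is not the original post's code, written against Web API 2. The `ValidateCredentials` hook and the realm name `api` are hypothetical, and the HTTPS check assumes TLS terminates at the application itself.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Web.Http;
using System.Web.Http.Controllers;

public class BasicAuthorize : AuthorizeAttribute
{
    // Hypothetical hook: the application plugs in its own check (e.g. salted-hash lookup).
    public static Func<string, string, bool> ValidateCredentials = (user, password) => false;

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        HttpRequestMessage request = actionContext.Request;
        string user;
        // Basic credentials are only base64-encoded, so accept them over HTTPS only.
        if (request.RequestUri.Scheme == Uri.UriSchemeHttps
            && TryAuthenticate(request.Headers.Authorization, out user))
        {
            actionContext.RequestContext.Principal =
                new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
        }
        // The base class honours [AllowAnonymous] and Users/Roles, and calls
        // HandleUnauthorizedRequest when the principal is not authenticated.
        base.OnAuthorization(actionContext);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
        actionContext.Response = response; // a non-null Response stops the action from running
    }

    private static bool TryAuthenticate(AuthenticationHeaderValue header, out string user)
    {
        user = null;
        if (header == null || header.Parameter == null
            || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)) return false;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter)); }
        catch (FormatException) { return false; } // malformed base64
        int colon = decoded.IndexOf(':');         // the password may itself contain ':'
        if (colon <= 0) return false;             // no separator or empty user name
        user = decoded.Substring(0, colon);
        return ValidateCredentials(user, decoded.Substring(colon + 1));
    }
}
```

This attribute only takes effect on Web API controllers; placed on an MVC controller it compiles but the MVC pipeline never runs it, because MVC looks for filters from `System.Web.Mvc`.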

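[Figure 1]

One more detail: in the right half of the figure above, the OnAuthorization method is marked override. Its parent class is shown below, which is fine.

[Figure 2]

1. The code we write overrides it directly. The method here is itself an override, and it can simply be overridden again. In other words, once you override someone else's method, others can by default override yours, unless you add sealed.

2. override can only be used when inheriting a virtual or abstract method.

Also, the MVC execution order is: the controller's constructor first, then the authorization check, and then the action.

This can be seen clearly in the InvokeAction method of ControllerActionInvoker.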

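	/// <summary>Invokes the specified action by using the specified controller context.</summary>
	/// <returns>The result of executing the action.</returns>
	/// <param name="controllerContext">The controller context.</param>
	/// <param name="actionName">The name of the action to invoke.</param>
	/// <exception cref="System.ArgumentNullException">The <paramref name="controllerContext" /> parameter is null.</exception>
	/// <exception cref="System.ArgumentException">The <paramref name="actionName" /> parameter is null or empty.</exception>
	/// <exception cref="System.Threading.ThreadAbortException">The thread was aborted during invocation of the action.</exception>
	/// <exception cref="System.Exception">An unspecified error occurred during invocation of the action.</exception>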
	public virtual bool InvokeAction(ControllerContext controllerContext, string actionName)
	{
		if (controllerContext == null)
		{
			throw new ArgumentNullException("controllerContext");
		}
		if (string.IsNullOrEmpty(actionName) && !controllerContext.RouteData.HasDirectRouteMatch())
		{
			throw new ArgumentException(MvcResources.Common_NullOrEmpty, "actionName");
		}
		ControllerDescriptor controllerDescriptor = this.GetControllerDescriptor(controllerContext);
		ActionDescriptor actionDescriptor = this.FindAction(controllerContext, controllerDescriptor, actionName);
		if (actionDescriptor != null)
		{
			FilterInfo filters = this.GetFilters(controllerContext, actionDescriptor);
			try
			{
				AuthenticationContext authenticationContext = this.InvokeAuthenticationFilters(controllerContext, filters.AuthenticationFilters, actionDescriptor);
				if (authenticationContext.Result != null)
				{
					AuthenticationChallengeContext authenticationChallengeContext = this.InvokeAuthenticationFiltersChallenge(controllerContext, filters.AuthenticationFilters, actionDescriptor, authenticationContext.Result);
					this.InvokeActionResult(controllerContext, authenticationChallengeContext.Result ?? authenticationContext.Result);
				}
				else
				{
					AuthorizationContext authorizationContext = this.InvokeAuthorizationFilters(controllerContext, filters.AuthorizationFilters, actionDescriptor);
					if (authorizationContext.Result != null)
					{
						AuthenticationChallengeContext authenticationChallengeContext2 = this.InvokeAuthenticationFiltersChallenge(controllerContext, filters.AuthenticationFilters, actionDescriptor, authorizationContext.Result);
						this.InvokeActionResult(controllerContext, authenticationChallengeContext2.Result ?? authorizationContext.Result);
					}
					else
					{
						if (controllerContext.Controller.ValidateRequest)
						{
							ControllerActionInvoker.ValidateRequest(controllerContext);
						}
						IDictionary<string, object> parameterValues = this.GetParameterValues(controllerContext, actionDescriptor);
						ActionExecutedContext actionExecutedContext = this.InvokeActionMethodWithFilters(controllerContext, filters.ActionFilters, actionDescriptor, parameterValues);
						AuthenticationChallengeContext authenticationChallengeContext3 = this.InvokeAuthenticationFiltersChallenge(controllerContext, filters.AuthenticationFilters, actionDescriptor, actionExecutedContext.Result);
						this.InvokeActionResultWithFilters(controllerContext, filters.ResultFilters, authenticationChallengeContext3.Result ?? actionExecutedContext.Result);
					}
				}
			}
			catch (ThreadAbortException)
			{
				throw;
			}
			catch (Exception exception)
			{
				ExceptionContext exceptionContext = this.InvokeExceptionFilters(controllerContext, filters.ExceptionFilters, exception);
				if (!exceptionContext.ExceptionHandled)
				{
					throw;
				}
				this.InvokeActionResult(controllerContext, exceptionContext.Result);
			}
			return true;
		}
		return false;
	}
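How an MVC filter uses the `authorizationContext.Result != null` branch of `InvokeAction`, shown with a version of `AuthorityFilterAttribute` that is an added example and not the original post's code. Instead of replacing `OnAuthorization`, it overrides the two hooks the base `OnAuthorization` calls, so `[AllowAnonymous]` and output-cache revalidation keep working; the session key `CurrentUser` is a hypothetical name for wherever the application stores its login state.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true)]
public class AuthorityFilterAttribute : AuthorizeAttribute
{
    private readonly string _loginPath;

    public AuthorityFilterAttribute() : this("/Fourth/Login") { }

    public AuthorityFilterAttribute(string loginPath)
    {
        _loginPath = loginPath;
    }

    // Called by the base OnAuthorization, which InvokeAction reaches through
    // InvokeAuthorizationFilters: after the controller is constructed, before
    // request validation, parameter binding and the action itself.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        // Assumption: a successful login stores the user under this session key.
        return httpContext.Session != null && httpContext.Session["CurrentUser"] != null;
    }

    // Called by the base OnAuthorization when AuthorizeCore returns false.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // RawUrl is the path and query of the current request, so it is always site-local.
        string returnUrl = HttpUtility.UrlEncode(filterContext.HttpContext.Request.RawUrl);

        // A non-null Result sends InvokeAction down the
        // "authorizationContext.Result != null" branch: the result is executed
        // and the action method is never invoked.
        filterContext.Result = new RedirectResult(_loginPath + "?returnUrl=" + returnUrl);
    }
}
```

The login action itself needs `[AllowAnonymous]` when this filter is applied at controller or global level, otherwise the redirect loops.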

