How should I check if a user is authenticated in M

2019-03-08 09:55发布

I have seen the following two accessible booleans:

  • System.Web.Mvc.Controller.User.Identity.IsAuthenticated
  • System.Web.Mvc.Controller.Request.IsAuthenticated

Is there a difference between these. They both seem to do the same thing so I am not sure which to use.

What I would like to do is:

@if (User.Identity.IsAuthenticated) {
  if (User.IsInRole("Admin")) {
    @Html.ActionLink("Admin", "AdminController")        
  }
}

or

@if (Request.IsAuthenticated) {
  if (User.IsInRole("Admin")) {
    @Html.ActionLink("Admin", "AdminController")        
  }
}

Would either of the above work equally well ?

2条回答
姐就是有狂的资本
2楼-- · 2019-03-08 10:14

The IsAuthenticated property to determine whether the current request has been authenticated. If it has not been authenticated, the request is redirected to another page where users can enter their credentials into the Web application. This is a common technique used in the default page for an application.

but when it comes to User.Identity.IsAuthenticated

The User property provides programmatic access to the properties and methods of the IPrincipal interface. Because ASP.NET pages contain a default reference to the System.Web namespace (which contains the HttpContext class), you can reference the members of HttpContext on an .aspx page without using the fully qualified class reference to HttpContext. For example, you can use User.Identity.Name to get the name of the user on whose behalf the current process is running. However, if you want to use the members of IPrincipal from an ASP.NET code-behind module, you must include a reference to the System.Web namespace in the module and a fully qualified reference to both the currently active request/response context and the class in System.Web that you want to use. For example, in a code-behind page you must specify the fully qualified name

查看更多
男人必须洒脱
3楼-- · 2019-03-08 10:25

There's no difference. The only difference is that if the user is not authenticated User.Identity might be null and thus you might get a NRE, whereas with the second approach, internally there's a check for this and is safer.

Here's how the Request.IsAuthenticated method is implemented:

public bool IsAuthenticated
{
    get
    {
        return this._context.User != null && 
               this._context.User.Identity != null &&
               this._context.User.Identity.IsAuthenticated;
    }
}

Basically it's a bit safer than the first one.

查看更多
登录 后发表回答