What is the difference in the use of AllowAnonymous and OverrideAuthorizeAttribute? Are they the same?
OverrideAuthorizeAttribute describes an attribute which overrides the current functionality of AuthorizeAttribute according to its implementation by any developer (IT IS NOT PROVIDED IN ANY VERSION OF .NET FRAMEWORK).
AllowAnonymousAttribute is provided by .NET to override the AuthorizeAttribute functionality in a way defined by .NET team. (IT IS PROVIDED IN .NET FRAMEWORK).
http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
The two are different, but can have the same effect in certain circumstances. Authentication is the process of verifying the user. Overrides disable the filter of the override type at the next highest level of scope. Authorization is the process of determining if the user should have access to a specific resource. The [AllowAnonymous] attribute disables authentication such that Web API will skip authentication and authorization during an access request to a controller decorated with this attribute or to a specific action method decorated with this attribute. Consider the following Controller Class from the article listed in the link
In the above example authorized users (any identified user) have access to the Post action method, but no authorization is required for the Get action method.
Authorization restricts access to a resource to those users or user roles that have been granted access. The [OverrideAuthorization] attribute disables the [Authorization] step such that any authenticated user would have access to the action method. This can be seen in the following example taken from the article.
Consider the following Controller Class:
In the above example, a user must be authenticated and have a principal to access any of the action methods defined by the controller. However, while only principals with a role of "Admins" can access the Post action method, any authenticated user in the Users role can access the Get action method.
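Since the controller snippets the answers refer to did not survive on this page, here is an added example (not code from the answers or from the linked article) that puts both attributes side by side in one controller. It assumes ASP.NET Web API 2 (System.Web.Http), where OverrideAuthorizationAttribute is defined, and attribute routing enabled via config.MapHttpAttributeRoutes(); the controller, route and role names are made up for illustration. The point it shows is that the two attributes work at different levels: [AllowAnonymous] is a marker that AuthorizeAttribute itself looks for and then skips its check, while [OverrideAuthorization] removes authorization filters from the enclosing scopes so that only the action's own [Authorize] (if any) applies.

```csharp
// Added example, not from the original answers or the linked article.
// Assumes ASP.NET Web API 2 (System.Web.Http) with attribute routing enabled.
using System.Web.Http;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Needed for the [Route]/[RoutePrefix] attributes used below.
        config.MapHttpAttributeRoutes();
    }
}

// Controller-level rule: every action requires an authenticated caller in the
// "Admins" role, unless an action below relaxes or overrides it.
[Authorize(Roles = "Admins")]
[RoutePrefix("api/values")]
public class ValuesController : ApiController
{
    // Inherits the controller filter: caller must be authenticated AND in "Admins".
    [HttpPost, Route("")]
    public IHttpActionResult Post([FromBody] string value)
    {
        return Ok("created");
    }

    // [AllowAnonymous] removes no filter. The controller's AuthorizeAttribute
    // still runs, sees the marker, and skips its check, so no identity is
    // needed here. Authentication filters (if any are registered) still run,
    // so this.User may still be populated; it just is not required.
    [AllowAnonymous]
    [HttpGet, Route("ping")]
    public IHttpActionResult Ping()
    {
        return Ok("pong");
    }

    // [OverrideAuthorization] discards authorization filters from the controller
    // and global scopes for this action only. The action-level [Authorize] is
    // then the only rule, so any authenticated member of "Users" gets in, not
    // just "Admins". Without the override, both Authorize filters would run and
    // a caller would have to be in BOTH roles.
    [OverrideAuthorization]
    [Authorize(Roles = "Users")]
    [HttpGet, Route("")]
    public IHttpActionResult Get()
    {
        return Ok(new[] { "value1", "value2" });
    }

    // Caveat: [OverrideAuthorization] with no [Authorize] of its own leaves no
    // authorization filter in scope at all, so this action is reachable by any
    // caller, exactly as if it carried [AllowAnonymous]. This is easy to do by
    // accident when copying the attribute between actions.
    [OverrideAuthorization]
    [HttpDelete, Route("{id:int}")]
    public IHttpActionResult Delete(int id)
    {
        return Ok();
    }
}
```

When reviewing a controller like this, the check is simple: for each action, list the IAuthorizationFilter instances left in scope after any [OverrideAuthorization] is applied (global, then controller, then action), and then ask whether one of them will honour an [AllowAnonymous] marker. An action whose list is empty is anonymous whether or not it was meant to be.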