<p>Caching happens before the Action. You will likely need to customize your authorization mechanics to handle cache scenarios.</p>
<p>Check out a question I posted a while back - <a href="https://stackoverflow.com/questions/8567358/mvc-custom-authentication-authorization-and-roles-implementation">MVC Custom Authentication, Authorization, and Roles Implementation</a>.</p>
<p>The part I think would help you is a custom Authorize Attribute whose <code>OnAuthorize()</code> method deals with caching.</p>
<p>Below is a code block for example:</p>
<pre><code>/// &lt;summary&gt;
/// Uses injected authorization service to determine if the session user
/// has necessary role privileges.
/// &lt;/summary&gt;
/// &lt;remarks&gt;As authorization code runs at the action level, after the
/// caching module, our authorization code is hooked into the caching
/// mechanics, to ensure unauthorized users are not served up a
/// prior-authorized page.
/// Note: Special thanks to TheCloudlessSky on StackOverflow.
/// &lt;/remarks&gt;
public void OnAuthorization(AuthorizationContext filterContext)
{
    // User must be authenticated and Session not be null
    if (!filterContext.HttpContext.User.Identity.IsAuthenticated || filterContext.HttpContext.Session == null)
        HandleUnauthorizedRequest(filterContext);
    else
    {
        // if authorized, handle cache validation
        if (_authorizationService.IsAuthorized((UserSessionInfoViewModel)filterContext.HttpContext.Session["user"], _authorizedRoles))
        {
            var cache = filterContext.HttpContext.Response.Cache;
            cache.SetProxyMaxAge(new TimeSpan(0));
            cache.AddValidationCallback((HttpContext context, object o, ref HttpValidationStatus status) =&gt; AuthorizeCache(context), null);
        }
        else
            HandleUnauthorizedRequest(filterContext);
    }
}

/// &lt;summary&gt;
/// Ensures that authorization is checked on cached pages.
/// &lt;/summary&gt;
/// &lt;param name="httpContext"&gt;&lt;/param&gt;
/// &lt;returns&gt;&lt;/returns&gt;
public HttpValidationStatus AuthorizeCache(HttpContext httpContext)
{
    if (httpContext.Session == null)
        return HttpValidationStatus.Invalid;

    return _authorizationService.IsAuthorized((UserSessionInfoViewModel)httpContext.Session["user"], _authorizedRoles)
        ? HttpValidationStatus.Valid
        : HttpValidationStatus.IgnoreThisRequest;
}
</code></pre>
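<p>The ordering problem described in the answer above, shown as an added example that is not part of the original answer and is not ASP.NET code: a constructed toy pipeline in which the cache lookup runs before the action, with and without a validation hook. <code>ToyPipeline</code>, <code>CacheCheck</code>, the <code>/report</code> URL and the role names are all hypothetical.</p>

```csharp
using System;
using System.Collections.Generic;

// Constructed model: the output-cache lookup runs before the action
// (and its authorization filter) is ever reached.
enum CacheCheck { Valid, IgnoreThisRequest }

class ToyPipeline
{
    private readonly Dictionary<string, string> _outputCache = new Dictionary<string, string>();
    private readonly Dictionary<string, Func<string, CacheCheck>> _validators =
        new Dictionary<string, Func<string, CacheCheck>>();
    private readonly bool _hookCache;

    public ToyPipeline(bool hookCache) { _hookCache = hookCache; }

    static bool IsAuthorized(string role) { return role == "admin"; }

    public string Handle(string url, string role)
    {
        // 1. Cache stage: runs first and knows nothing about the action's filters.
        string cached;
        if (_outputCache.TryGetValue(url, out cached))
        {
            Func<string, CacheCheck> validate;
            bool serve = !_validators.TryGetValue(url, out validate)
                         || validate(role) == CacheCheck.Valid;
            if (serve) return "200 (cache) " + cached;
            // IgnoreThisRequest: treat as a cache miss and fall through to the action.
        }

        // 2. Action stage: the authorization check only runs when the cache did not answer.
        if (!IsAuthorized(role)) return "401";
        string body = "admin report";
        _outputCache[url] = body;
        if (_hookCache) // register the per-request re-check alongside the cached entry
            _validators[url] = r => IsAuthorized(r) ? CacheCheck.Valid : CacheCheck.IgnoreThisRequest;
        return "200 (action) " + body;
    }
}

static class Demo
{
    static void Main()
    {
        foreach (bool hook in new[] { false, true })
        {
            var pipeline = new ToyPipeline(hook);
            pipeline.Handle("/report", "admin"); // an authorized request primes the cache
            Console.WriteLine("hooked={0}: guest gets {1}", hook, pipeline.Handle("/report", "guest"));
        }
    }
}
```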
 
