问题
I\'m writing a custom Authorization Filter for asp.net mvc 3. I need to inject a userservice into the class but I have no idea how to do this.
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
private IUserService userService;
private string[] roles;
public AuthorizeAttribute(params string[] roles)
{
this.roles = roles;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
throw new NotImplementedException();
}
}
I\'m using ninject for dependency injection. I do not want to use a Factory or service locator pattern.
My bindings look like this in the global.acsx:
internal class SiteModule : NinjectModule
{
public override void Load()
{
Bind<IUserService>().To<UserService>();
}
}
回答1:
See this answer:
Custom Authorization MVC 3 and Ninject IoC
If you want to use constructor injection then you need to create an attribute and a filter.
///marker attribute
public class MyAuthorizeAttribute : FilterAttribute { }
//filter
public class MyAuthorizeFilter : IAuthorizationFilter
{
private readonly IUserService _userService;
public MyAuthorizeFilter(IUserService userService)
{
_userService = userService;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
var validUser = _userService.CheckIsValid();
if (!validUser)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "AccessDenied" }, { "controller", "Error" } });
}
}
}
Binding:
this.BindFilter<MyAuthorizeFilter>(System.Web.Mvc.FilterScope.Controller, 0).WhenControllerHas<MyAuthorizeAttribute>();
Controller:
[MyAuthorizeAttribute]
public class YourController : Controller
{
}
HTH...
回答2:
I would highly recommend B Z's answer. DO NOT use [Inject]!
I used an [Inject] like Darin Dimitrov said was possible and it actually caused threading issues under high load, high contention situations in conjunction with .InRequestScope.
B Z's way is also what is on the Wiki and I have seen many places where Remo Gloor (Ninject author) says this is the correct way to do it
https://github.com/ninject/ninject.web.mvc/wiki/Filter-configurations
Downvote [Inject] answers in here because seriously you will get burned (probably in production if you don't load test properly prior!)
回答3:
I found a simple solution for any occasion where construction is not handled by Ninject:
var session = (IMyUserService)DependencyResolver.Current.GetService(typeof (IMyUserService));
Actually this is exactly what I am using with my custom AuthorizeAttribute. Much easier than having to implement a separate FilterAttribute.
回答4:
On way would be to use a property injection and decorate the property with the [Inject] attribute:
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
[Inject]
public IUserService UserService { get; set; }
private string[] roles;
...
}
Constructor injection doesn't work well with attributes as you will no longer be able to decorate controllers/actions with them. You could only use constructor injection with the filter binding syntax in NInject:
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
private readonly IUserService userService;
private string[] roles;
public AuthorizeAttribute(IUserService userService, params string[] roles)
{
this.userService = userService;
this.roles = roles;
}
...
}
and then:
internal class SiteModule : Ninject.Modules.NinjectModule
{
public override void Load()
{
Bind<IUserService>().To<UserService>();
this.BindFilter<AuthorizeAttribute>(FilterScope.Controller, 0)
.WhenControllerType<AdminController>();
}
}
The BindFilter<> extension method is defined in the Ninject.Web.Mvc.FilterBindingSyntax namespace so make sure you have brought that into scope before calling it on a kernel.
来源:https://stackoverflow.com/questions/6193414/dependency-injection-with-ninject-and-filter-attribute-for-asp-net-mvc