使用 AuthorizeAttribute 或 IAuthorizationFilter 有什麼區別？

AuthorizeAttribute 要求您重寫 OnAuthorization 方法，而 IAuthorizationFilter 要求您實現 OnAuthorization 方法。對我來說似乎是同一件事，還有其他區別嗎？為什麼要使用一個而不是另一個？

編輯：為了澄清，我試圖了解以下兩段程式碼之間的區別。

public class PasswordExpirationCheckAttribute : AuthorizeAttribute
{
   private int _maxPasswordAgeInDays;

   public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
   {
       _maxPasswordAgeInDays = maxPasswordAgeInDays;
   }

   public override void OnAuthorization(AuthorizationContext filterContext)
   {
       if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
       {
           IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
           if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
           {
               var userStore = new ApplicationUserStore(new IdentityDb());
               var userManager = new ApplicationUserManager(userStore);
               var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;

               if (user != null)
               {
                   var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
                   if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
                   {
                       HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
                       RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
                       UrlHelper urlHelper = new UrlHelper(requestContext);

                       filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
                   }
               }
           }
       }            

       base.OnAuthorization(filterContext);
   }
}

和…

public class PasswordExpirationCheckAttribute : IAuthorizationFilter
{
   private int _maxPasswordAgeInDays;

   public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays)
   {
       _maxPasswordAgeInDays = maxPasswordAgeInDays;
   }

   public void OnAuthorization(AuthorizationContext filterContext)
   {
       if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassPasswordExpirationCheckAttribute), true).Any())
       {
           IPrincipal userPrincipal = filterContext.RequestContext.HttpContext.User;
           if (userPrincipal != null && userPrincipal.Identity.IsAuthenticated)
           {
               var userStore = new ApplicationUserStore(new IdentityDb());
               var userManager = new ApplicationUserManager(userStore);
               var user = userManager.FindByNameAsync(filterContext.RequestContext.HttpContext.User.Identity.Name).Result;

               if (user != null)
               {
                   var timeSpan = DateTime.Today.Date - user.LastPasswordChangedDate.Date;
                   if (timeSpan.TotalDays >= _maxPasswordAgeInDays)
                   {
                       HttpContextBase httpContextBase = new HttpContextWrapper(HttpContext.Current);
                       RequestContext requestContext = new RequestContext(httpContextBase, new RouteData());
                       UrlHelper urlHelper = new UrlHelper(requestContext);

                       filterContext.HttpContext.Response.Redirect(urlHelper.Action("ChangePassword", "Manage"));
                   }
               }
           }
       }            

       return;
   }
}

IAuthorizationFilter只是一個介面。它什麼也不做。如果您想使用它，您必須實現自己的授權屬性，從頭開始實現該介面。

AuthorizeAttribute，另一方面，開箱即用。它實現IAuthorizationFilter並已經滿足了開發人員的共同需求。如果您想擴展其功能，它仍然允許您覆蓋該OnAuthorization方法，但您不必這樣做，因為如果您不這樣做，它就可以正常工作。

引用自：https://stackoverflow.com/questions/27021506