ASP.NET MVC Security - In which layer should you check if a user is authorized to view an entity?
I have a multi-layer (but not multi-tier) ASP.NET application that needs to check if the logged-in user is authorized to view/edit an entity. I can think of several implementations:
a) Check if the user is authorized to view/edit an entity in the UI with an ActionFilter
b) Check if the user is authorized to view/edit an entity in the ServiceLayer using AOP
c) Do both?
If you don't agree with a), b) or c), where in the layers of my software application do you think I should be checking for user authorization?
In my personal experience, on a broader level, I found a need to do both (c). I've had to validate permissions in the action, as well as in the service layer. For this specific scenario, it may make sense to have an action filter call your service layer, or check the permissions first and not render the view/edit capability at all.
You're essentially talking about granular permissions; I don't know what you are using as your data store for this. Make sure you plan for efficiency/performance with whatever approach you take.
Validating whether the user can see the entity is too broad? What if the user can only interact with specific aspects of the entity, but not others?
I tend to view security as "can the user perform the requested process/action". That process may interact with 1 or more entities.
Therefore I tend to authenticate a user and/or validate context-specific view models via an action filter. If the execution reaches the controller action you can assume the happy path. All other validation/authentication would have already occurred and bypassed the action if there was a problem.
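The two answers above both end up at the same shape: an action filter that decides before the controller action runs, backed by a service-layer check that cannot be skipped by a different caller. The following is an added example written for this page, not code from the asker or either answerer. It assumes ASP.NET MVC 5 (System.Web.Mvc), a hypothetical Document entity with an in-memory store holding constructed sample data, a hypothetical IDocumentService, and an IDependencyResolver registered for that service; the filter fails closed if no service can be resolved.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Mvc;

// Hypothetical entity and constructed sample data (not the asker's domain model).
public class Document { public int Id; public string OwnerName; public string Body; }

public enum EntityOperation { View, Edit }

public interface IDocumentService
{
    bool IsAllowed(IPrincipal user, int documentId, EntityOperation op);
    Document Get(IPrincipal user, int documentId);
    void Update(IPrincipal user, int documentId, string body);
}

// (b) Service layer: the rule lives here and is enforced on every call, so a second
// caller (an API controller, a batch job, a unit test) cannot reach data without it.
public class DocumentService : IDocumentService
{
    private readonly IDictionary<int, Document> _store = new Dictionary<int, Document>
    {
        { 1, new Document { Id = 1, OwnerName = "alice", Body = "alice's notes" } },
        { 2, new Document { Id = 2, OwnerName = "bob",   Body = "bob's notes" } },
    };

    public bool IsAllowed(IPrincipal user, int documentId, EntityOperation op)
    {
        Document doc;
        if (user == null || !user.Identity.IsAuthenticated) return false;
        if (!_store.TryGetValue(documentId, out doc)) return false;   // unknown id: deny, same as forbidden
        if (user.IsInRole("Admin")) return true;
        // Any authenticated user may view; only the owner may edit.
        return op == EntityOperation.View
            || string.Equals(doc.OwnerName, user.Identity.Name, StringComparison.OrdinalIgnoreCase);
    }

    public Document Get(IPrincipal user, int documentId)
    {
        if (!IsAllowed(user, documentId, EntityOperation.View))
            throw new UnauthorizedAccessException("view denied");
        return _store[documentId];
    }

    public void Update(IPrincipal user, int documentId, string body)
    {
        if (!IsAllowed(user, documentId, EntityOperation.Edit))
            throw new UnauthorizedAccessException("edit denied");
        _store[documentId].Body = body;
    }
}

// (a) UI layer: an action filter that asks the service layer before the action runs.
// OnActionExecuting runs after model binding, so the bound id is in ActionParameters.
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public sealed class AuthorizeEntityAttribute : ActionFilterAttribute
{
    private readonly string _idParameter;
    private readonly EntityOperation _operation;

    public AuthorizeEntityAttribute(string idParameter, EntityOperation operation)
    {
        _idParameter = idParameter;
        _operation = operation;
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            filterContext.Result = new HttpUnauthorizedResult();      // 401: not logged on
            return;
        }
        object raw;
        if (!filterContext.ActionParameters.TryGetValue(_idParameter, out raw) || !(raw is int))
        {
            filterContext.Result = new HttpStatusCodeResult(400);    // no usable id: refuse, do not guess
            return;
        }
        // Assumes a resolver that supplies IDocumentService is registered; null means deny.
        var service = DependencyResolver.Current.GetService<IDocumentService>();
        if (service == null || !service.IsAllowed(user, (int)raw, _operation))
        {
            filterContext.Result = new HttpStatusCodeResult(403);    // logged on, but not for this entity
            return;
        }
        base.OnActionExecuting(filterContext);
    }
}

[Authorize]   // coarse check: every action needs an authenticated user
public class DocumentController : Controller
{
    private readonly IDocumentService _docs;
    public DocumentController(IDocumentService docs) { _docs = docs; }

    [AuthorizeEntity("id", EntityOperation.View)]
    public ActionResult Details(int id)
    {
        return View(_docs.Get(User, id));   // happy path: filter passed, and Get re-checks anyway
    }

    [HttpPost, ValidateAntiForgeryToken]
    [AuthorizeEntity("id", EntityOperation.Edit)]
    public ActionResult Edit(int id, string body)
    {
        _docs.Update(User, id, body);
        return RedirectToAction("Details", new { id });
    }
}
```

The filter gives the user a clean 401/403 and keeps the controller on the happy path, while the service methods repeat the check so that a forgotten attribute on a new action, or a new caller that is not a controller at all, still cannot read or change an entity it is not allowed to. Returning the same denial for a missing id and a forbidden one avoids confirming which ids exist.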
You can put [Authorize] on top of a controller that you want to authorize at the web layer. For example, you have an action "add" and a controller "area":

    using System.Web.Mvc;

    [Authorize]   // every action in this controller requires an authenticated user
    public class areaController : Controller
    {
        public ActionResult add()
        {
            return View();
        }
    }

In this example, a user who is not logged on can't add an area.