[英]Custom MVC AuthorizeAttribute that allows for multiple role membership
I've got a custom AuthorizeAttribute class created to handle granular authorization in my MVC4 app. 我已经创建了一个自定义的AuthorizeAttribute类来处理我的MVC4应用程序中的粒度授权。
This is the class: 这是班级:
[AttributeUsage(AttributeTargets.Method, AllowMultiple = true)]
public class isAuthorized : AuthorizeAttribute
{
public oRoles enRole;
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var authorized = base.AuthorizeCore(httpContext);
string test = enRole.ToString();
if (!authorized)
{
// The user is not authenticated
return false;
}
var user = httpContext.User;
bool bFlag = AuthCheck.CheckUser(httpContext, enRole);
if (bFlag) // I know this is a lot of code; it's for debugging purposes
return true;
return false;
}
}
I've got the following enum declared to allow code helping: 我已经声明了以下枚举以允许代码帮助:
public enum oRoles
{
StudentSelfPassword = 1,
StaffSelfPassword = 2,
StudentLookup = 3,
StudentChangeRequest = 4,
StudentAdmin = 5,
StaffLookup = 6,
StaffChangeRequest = 7,
StaffAdmin = 8,
ChangeQueueApproval = 9
}
In my controller I call the AuthorizeAttribute by: 在我的控制器中,我通过以下方式调用AuthorizeAttribute:
[isAuthorized(enRole = oRoles.StudentLookup)]
[isAuthorized(enRole = oRoles.StaffLookup)]
[isAuthorized(enRole = oRoles.StudentChangeRequest)]
[isAuthorized(enRole = oRoles.StaffChangeRequest)]
When I run it through the debugger, The first isAuthorized runs and returns true (as it should) and continues to the second isAuthorized where it returns false then immediately asks me to authenticate. 当我通过调试器运行时,第一个isAuthorized运行并返回true(应该如此)并继续到第二个isAuthorized,它返回false然后立即要求我进行身份验证。 I was expecting it to allow because the first condition was true.
我期待它允许,因为第一个条件是真的。 However, it appears my assumption was not right.
但是,看来我的假设是不对的。
Originally, I had Roles = "change,admin" which were groups in the domain and it worked but the groups needed to be dynamic in their assignment and not static. 最初,我有Roles =“change,admin”,它们是域中的组并且它可以工作但是组需要在他们的任务中是动态的而不是静态的。 I was able to push multiple items ok there.
我能够在那里推出多个项目。 Is that because it was being sent as a string?
是因为它是作为字符串发送的吗?
Is there a way to essentially do a isAuthorized(...) || 有没有办法基本上做一个isAuthorized(...)|| isAuthorized(...) ||
isAuthorized(...)|| isAuthorized(...) so that if one condition is true it's validated as ok?
isAuthorized(...)如果一个条件为真,它被验证为ok?
In your attribute, rather than having a property with a single oRole, can you have a list or array of roles. 在您的属性中,您可以拥有一个列表或一组角色,而不是具有单个oRole的属性。 And rather than putting a number of attributes, decorate your method with one attribute but pass it an array of allowed roles.
而不是放置一些属性,用一个属性装饰你的方法,但是传递一组允许的角色。
[isAuthorized(enRoles = new oRoles[]{oRoles.StudentLookup, oRoles.StaffLookup })]
An example of creating an attribute that takes multiple values is here 此处创建一个采用多个值的属性的示例
Then in your authorization checking code you can check against all the allowed list that has been provided. 然后在您的授权检查代码中,您可以检查已提供的所有允许列表。 Something like the code below
类似下面的代码
bool bFlag = enRoles.ToList().Any( r => AuthCheck.CheckUser(httpContext, r));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.