ASP.NET MVC 身份验证
[英]ASP.NET MVC Authenticate
问题描述
is it possible to create something like this i ASP.NET MVC beta 1
是否可以在 ASP.NET MVC beta 1 中创建类似这样的东西
i have tried but the我试过了,但是
override bool OnPreAction(string actionName,
System.Reflection.MethodInfo methodInfo)
does not exsist anymore and不再存在并且
override void OnActionExecuting(ActionExecutingContext filterContext)
don't give me access to the action name不要让我访问操作名称
3 个解决方案
解决方案1
5 已采纳 2008-11-25 17:54:21
In the blogpost you are referring to, the author states that在您所指的博客文章中,作者指出
One way to solve this problem is by using the attribute based security as shown on this post.
I think it's a perfectly fine way to go about it and it is supported by the framework.我认为这是一种非常好的方法,它得到了框架的支持。 It will give you a nice declarative implementation.它会给你一个很好的声明式实现。 Check out the AuthorizeAttribute in System.Web.Mvc.查看 System.Web.Mvc 中的 AuthorizeAttribute。 It will allow you to do something like this:它将允许您执行以下操作:
[Authorize(Roles="Admin, Editor")]
public ActionResult Delete(int id){
(...)
}
Since the Delete action alters the state of your system, I would also add an AcceptVerbs attribute like so:由于 Delete 操作会改变系统的状态,因此我还将添加一个 AcceptVerbs 属性,如下所示:
[AcceptVerbs(HttpVerbs.Post)]
[Authorize(Roles="Admin, Editor")]
public ActionResult Delete(int id){
(...)
}
This will make sure that the action will not accept GET requests.这将确保该操作不会接受 GET 请求。
解决方案2
1 2008-11-25 17:54:59
解决方案3
0 2008-11-25 19:02:41
What is the reasoning for not wanting to decorate your actions with an authorization attribute?不想用授权属性装饰您的操作的原因是什么? Sorry, but I think I'll have to understand your situation better, if I am to try to provide a better answer than the one already given.抱歉,但如果我要尝试提供比已经给出的答案更好的答案,我认为我必须更好地了解您的情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.