简体繁体 English

MVC 4 Intranet应用程序授权机制

[英]MVC 4 intranet application authorization mechanism

原文 2013-11-29 07:37:12 9 2 c#/ asp.net-mvc/ asp.net-mvc-4/ asp.net-web-api/ authorization

I'm writing an intranet application using MVC4 and designed as SPA application. 我正在使用MVC4编写一个Intranet应用程序，并设计为SPA应用程序。
The application assumptions are that there is no SSO and the users will be stored at the SQL DB. 应用程序假设没有SSO，并且用户将存储在SQL DB中。
I'm not interested in open authorization with external accounts. 我对外部帐户的开放授权不感兴趣。 (As demonstrated in the SPA template). （如SPA模板所示）。
The users will have some custom fields (Mobile, Email etc.) 用户将具有一些自定义字段（手机，电子邮件等）
Most of the actions are limited to certain roles. 大多数动作仅限于某些角色。
I'm looking for the most built-in mechanims the achieve it. 我正在寻找实现它的最内置的机制。
I want to use the AutorizeFilter and avoid any custom implmenetations if possible. 我想使用AutorizeFilter并尽可能避免使用任何自定义导入。
Mention that some of the actions are WebAPI in REST Services in the application. 提及某些操作是应用程序中REST Services中的WebAPI。
I didn't find a good "end to end" article that demonstrates how to implement and manage users and roles. 我找不到很好的“端到端”文章来演示如何实现和管理用户和角色。
Is there a template that comes with login views, models etc. and is there supporting UI for managing users and roles? 是否存在登录视图，模型等随附的模板，并且是否存在用于管理用户和角色的支持UI？
I'm using MVC 4, EF 6.0.1 amd can use the most advanced components. 我正在使用MVC 4，EF 6.0.1 amd可以使用最先进的组件。 (No limiting legacy :-) ) （没有限制的遗产：-））
Any leads will highly appreciate. 任何潜在客户将不胜感激。
Thanks in advance! 提前致谢！ Yaron. 亚龙。

2 个解决方案

In a recent similar project (MVC4, intranet, EF CF) I had a STI on the users hierarchy, and the discriminator field (which in fact is the "type" of the entity) was used to manage permissions. 在最近的类似项目（MVC4，Intranet，EF CF）中，我在用户层次结构上有一个STI，区分符字段（实际上是实体的“类型”）用于管理权限。 I made like 3-4 simple filters (like "AdminFilter", "ManagerFilter") and authorized the actions using those filters. 我制作了3-4个简单的过滤器（例如“ AdminFilter”，“ ManagerFilter”），并使用这些过滤器授权了操作。 It was really quick. 真的很快。

I'm looking for the most built-in mechanims the achieve it. 我正在寻找实现它的最内置的机制。

I've looked for something like that, but didn't find it. 我一直在寻找类似的东西，但是没有找到。 Well, maybe I didn't look for it that much. 好吧，也许我没有那么期待。

I hope it will help someone... 我希望它可以帮助某人...
At first I have read this great article: 首先，我读了这篇很棒的文章：
http://blog.longle.net/2012/09/25/seeding-users-and-roles-with-mvc4-simplemembershipprovider-simpleroleprovider-ef5-codefirst-and-custom-user-properties http://blog.longle.net/2012/09/25/seeding-users-and-roles-with-mvc4-simplemembershipprovider-simpleroleprovider-ef5-codefirst-and-custom-user-properties
I have used simple membership and role and then used the role name as a key in an entity that extends the role with extra information. 我使用了简单的成员资格和角色，然后将角色名称用作扩展角色（带有更多信息）的实体中的键。
I didn't use the Authorize filter and created custom filter that implements "Feature based authorization". 我没有使用Authorize过滤器，而没有创建实现“基于功能的授权”的自定义过滤器。
The main idea is that the authorization meachnism is a set of features. 主要思想是授权机制是一组功能。
A feature is an activity that some roles can perform while others can't. 功能是一些角色可以执行而其他角色则不能执行的活动。
This is a much better architecture that is easier to manage mentain and extend. 这是一个更好的体系结构，更易于管理和扩展。