
Does an annotation exist in ASP.NET for denying one user or role access to a method?

I wonder if ASP.NET MVC has the possibility to exclude some user from accessing an action method.

Just as the "Authorize" annotation allows users to access some action methods:

[Authorize(Users="*")]   
public ActionResult method1() { ... }

a similar annotation for excluding, for example:

[Deny(Users="user1")]        
public ActionResult method1() { ... }

I don't think there is, but you can create a custom AuthorizeAttribute as simple as this:

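using System.Linq;
using System.Web;
using System.Web.Mvc;

public class DenyAttribute : AuthorizeAttribute
{
   // User names that must not reach the decorated action.
   private string[] deniedusers;

   // The constructor name must match the class name.
   public DenyAttribute(params string[] users)
   {
      this.deniedusers = users;
   }

   // Returning false makes MVC reject the request as unauthorized.
   protected override bool AuthorizeCore(HttpContextBase httpContext)
   {
      // you could improve this
      return !this.deniedusers.Contains(httpContext.User.Identity.Name);
   }
}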

Or a simpler solution:

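public class DenyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Inverts the stock check: a caller who matches Users/Roles is denied.
        // base.AuthorizeCore also returns false for unauthenticated requests,
        // so this override returns true for them.
        return !base.AuthorizeCore(httpContext);
    }
}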

Then you will be able to use it exactly as in your example:

[Deny(Users="user1,user2")] 
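
A stricter variant of the attribute from the answers above, as an added example that is not part of the original posts: it rejects unauthenticated requests instead of letting them through, compares user names case-insensitively (as the stock AuthorizeAttribute does), and also treats Roles as a deny list. It assumes ASP.NET MVC 5 (System.Web.Mvc); the names DenyListAttribute, ReportsController and the "Contractors" role are hypothetical.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example (hypothetical name): deny-list counterpart of [Authorize].
// The inherited Users and Roles properties are reused as the deny lists.
public class DenyListAttribute : AuthorizeAttribute
{
    // Splits "a, b,c" into trimmed, non-empty entries.
    private static string[] Split(string csv)
    {
        return (csv ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(s => s.Trim())
            .Where(s => s.Length > 0)
            .ToArray();
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        var user = httpContext.User;

        // Fail closed: an anonymous caller has no name to match against the
        // deny list, so it must not be treated as "not denied".
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // Deny when the authenticated name is on the list.
        if (Split(Users).Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
            return false;

        // Deny when the caller holds any listed role.
        if (Split(Roles).Any(user.IsInRole))
            return false;

        return true;
    }
}

// Usage on a constructed controller (names are assumptions).
public class ReportsController : Controller
{
    [DenyList(Users = "user1,user2", Roles = "Contractors")]
    public ActionResult Method1() { return View(); }
}
```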
