简体繁体 English

asp.net MVC表单身份验证自定义

[英]asp.net MVC forms authentication custom

原文 2014-12-19 13:37:30 0 1 asp.net/ asp.net-mvc/ asp.net-mvc-4

I am thinking about how to solve an authentication problem that i have. 我正在考虑如何解决我的身份验证问题。

I have a MVC-site with an admin area which is going to be used for customer-inputs and its very easy to have formsauthentication to protected the admin area but my problem is that other users could be able to edit other users stuff and thats not what i want =(. 我有一个带有管理区域的MVC站点，该区域将用于客户输入，并且非常易于进行表单身份验证来保护管理区域，但是我的问题是其他用户可以编辑其他用户的内容，而那不是我想要的=（

My previous sites only handled authentication for one site and formsauthentication handled all my problems but this site should be able to handle authentication for X users and X customers. 我以前的站点只处理一个站点的身份验证，而formsauthentication处理了我所有的问题，但是该站点应该能够处理X用户和X客户的身份验证。

For example user1 logs in to user1 admin area (mysite/customer1) but after log in changes the url to mysite/customer2 and starts editing stuff here. 例如，user1登录到user1管理区域（mysite / customer1），但登录后将URL更改为mysite / customer2，并在此处开始编辑内容。

One solution would be in global.asax and the FormsAuthentication_OnAuthenticate and check the url but there must be better approaches to this right? 一种解决方案是在global.asax和FormsAuthentication_OnAuthenticate中并检查url，但是必须有更好的方法来解决此问题？ Maybe i am missing something obvious here? 也许我在这里缺少明显的东西？

1 个解决方案

What if once the user logs in (user1) you save their userId (or some unique identifier) into a claim or session. 如果用户登录（user1）后将您的userId（或某些唯一标识符）保存到声明或会话中，该怎么办？ then just make one page mysite/customer which will read that Id and bring back just that one person's record. 然后仅将一页设为mysite / customer，即可读取该ID并带回该人的记录。 so this way the only record they will see is the one associated with their Id and you don't have to make the same pages over and over for other users, so no mysite/customer1, mysite/customer2, mysite/customer3...etc.. 因此，这样，他们将看到的唯一记录是与他们的ID相关联的记录，而您不必一遍又一遍地为其他用户制作相同的页面，因此无需mysite / customer1，mysite / customer2，mysite / customer3 ...等等..