
User roles and permissions in MVC

I have an MVC application where I have different roles of users, and each role has different functionality (e.g. add, edit, delete, ...), and a user in each role will have a subset of this functionality in this role. I want to give permission to each user to view the pages based on these permissions.

What would be the best way to achieve this in MVC?

Thanks

In our application we have roles and each role has many functionalities. Our goal was to control access at the functionality level instead of the role level, using as little database access as possible.

Here is what we do:

1) At login, we create a UserCredentials object which contains all functionalities that the user has access to (based on its roles). It is a "distinct" of all functionalities contained in all roles the user has access to. Then we store this UserCredentials in session.

2) To restrict access to controllers or actions, we have implemented an attribute that inherits AuthorizeAttribute and we use it like:

[Secure(Functionalities="Xyz.View,Xyz.Save")]
public ActionResult SomeAction(...){ ... }

Note that there is no database call; all we do is check that "Xyz.View" is in the functionalities list stored in the UserCredentials.

3) Sometimes we need to access the credentials from inside the action, so we have created another ActionFilter (global) which will inject the credentials into the action parameters for you if it finds a parameter named "credentials", for instance:

public ActionResult SomeAction(UserCredentials credentials, int otherParameters)
{
    // "credentials" is populated by the global action filter  
}

You could use this to show a different view based on the user's Roles or Functionalities.

4) Another scenario is when we need to hide portions of our views based on user roles or functionalities. For this, we have created a BaseViewModel which has a UserCredentials property. This property is also populated by another global ActionFilter that runs AFTER the action is executed. If the model inherits BaseViewModel, then the filter populates the UserCredentials property. We can do something like:

@if(Model.UserCredentials.IsInRole("X")){
    <div>Some content</div>
}

or

@if(Model.UserCredentials.HasAccessTo("Xyz.Save")){
    <button>Save</button>
}

I hope it helps.
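The four steps of the answer above, written out as one ASP.NET MVC 5 example. This is added code, not the answer author's own implementation, and every name in it (UserCredentials, SecureAttribute, SessionCredentialsBinder, BaseViewModel, PopulateViewModelCredentialsFilter, the "UserCredentials" session key) is an assumption. One technique is swapped in deliberately: instead of a global action filter that overwrites a parameter named "credentials", the UserCredentials type carries a custom model binder that always reads from the session, so the default model binder never gets a chance to construct that parameter from request fields.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example, not the answer's own code. All type names and the session key are assumptions.

// Step 1: built once at login as the distinct union of every functionality granted by any
// of the user's roles. Every later check is an in-memory set lookup, no database call.
[Serializable] // needed if session state is stored out of process (StateServer / SQL)
[ModelBinder(typeof(SessionCredentialsBinder))]
public sealed class UserCredentials
{
    public const string SessionKey = "UserCredentials";

    private readonly HashSet<string> roles;
    private readonly HashSet<string> functionalities;

    public string UserName { get; private set; }

    // roleFunctionalities: role name -> functionalities that role grants (loaded from the
    // database at login, the only time the database is consulted).
    public UserCredentials(string userName, IDictionary<string, IEnumerable<string>> roleFunctionalities)
    {
        UserName = userName;
        roles = new HashSet<string>(roleFunctionalities.Keys, StringComparer.OrdinalIgnoreCase);
        functionalities = new HashSet<string>(
            roleFunctionalities.Values.SelectMany(f => f), StringComparer.OrdinalIgnoreCase);
    }

    public bool IsInRole(string role) { return roles.Contains(role); }
    public bool HasAccessTo(string functionality) { return functionalities.Contains(functionality); }

    public static UserCredentials FromSession(HttpContextBase httpContext)
    {
        return httpContext.Session == null ? null : httpContext.Session[SessionKey] as UserCredentials;
    }
}

// Step 3 (swapped-in technique): a UserCredentials action parameter is bound from the session,
// never from the request, so a client cannot post its own roles or functionalities into it.
public sealed class SessionCredentialsBinder : IModelBinder
{
    public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
    {
        return UserCredentials.FromSession(controllerContext.HttpContext);
    }
}

// Step 2: [Secure(Functionalities = "Xyz.View,Xyz.Save")] on a controller or action.
// Every listed functionality must be present; a missing session object means deny (fail closed).
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public sealed class SecureAttribute : AuthorizeAttribute
{
    public string Functionalities { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext.User == null || !httpContext.User.Identity.IsAuthenticated)
            return false;

        var credentials = UserCredentials.FromSession(httpContext);
        if (credentials == null)
            return false;

        var required = (Functionalities ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(f => f.Trim());

        // With no Functionalities listed this reduces to "any logged-in user", like the base attribute.
        return required.All(credentials.HasAccessTo);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        // Logged in but missing a functionality: answer 403 instead of bouncing to the login page.
        if (user != null && user.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

// Step 4: view models inherit this so Razor can test Model.UserCredentials.HasAccessTo("Xyz.Save").
public abstract class BaseViewModel
{
    public UserCredentials UserCredentials { get; set; }
}

// Global filter that runs after the action and fills the property whenever a view is returned.
public sealed class PopulateViewModelCredentialsFilter : ActionFilterAttribute
{
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        var viewResult = filterContext.Result as ViewResultBase;
        var model = viewResult == null ? null : viewResult.Model as BaseViewModel;
        if (model != null)
            model.UserCredentials = UserCredentials.FromSession(filterContext.HttpContext);
    }
}

// Registration in FilterConfig / Global.asax:
// GlobalFilters.Filters.Add(new PopulateViewModelCredentialsFilter());
```

Two caveats that follow from caching the permission set in session: a role or functionality revoked in the database does not take effect until the user's session is rebuilt, so an administrative revoke should also invalidate that user's session (or the session entry should carry a version that the attribute compares against a cheap in-memory value), and the session ID should be regenerated at login so that the credentials object is never attached to a session ID a client could have chosen before authenticating. The view-level checks only hide buttons; the [Secure] attribute on the action is the control that actually enforces access.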

Notice: the technical posts on this site follow the CC BY-SA 4.0 license; if you repost, please cite this site or the original URL. For any questions contact yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM