堆栈内存溢出
  简体   繁体   English

ASP.NET身份动态角色授权

[英]ASP.NET Identity Dynamic Role Authorization

 原文  2015-12-24 15:08:57       c#/ asp.net/ asp.net-mvc/ asp.net-identity/ asp.net-identity-2

问题描述

As I am new to ASP.NET Identity, I was going through a video on MVA when Jeremy Foster asked a question when demoing that how can the following be made dynamic: 当我不熟悉ASP.NET Identity时,我正在观看有关MVA的视频,当杰里米·福斯特(Jeremy Foster)演示时提出了一个问题,即如何使以下内容动态化: 

[Authorize("Administrators, Users")]
public ActionResult SomeAction()
{
  //Access to only admins and users
}

In answer, Adam Tuliper said it could be done using Claims somehow but I am not finding anything concrete on the Internet or I might not be understanding. 对此,亚当·蒂珀勒(Adam Tuliper)表示,可以通过某种方式使用Claims来完成,但是我在Internet上找不到任何具体的东西,或者我可能不太理解。 But I would appreciate if somebody could show me how this can be done. 但是,如果有人可以向我展示如何做到这一点,我将不胜感激。

This is important because later on, I might want to allow SomeAction to be accessed by another Role and if I need to re-compile and deploy my application for that everytime then that is not good. 这很重要,因为以后,我可能希望允许另一个角色访问SomeAction ,如果每次都需要重新编译和部署我的应用程序,那将是不好的。 Also I might give the control to users to change access for other types of users. 另外,我可以将控制权交给用户,以更改其他类型用户的访问权限。

In the past I have done this by overriding Authorize attribute where I extract from cookie the user's RoleId and check from the database whether the user has access to the action being requested. 过去,我通过重写Authorize属性来做到这一点,在该属性中,我从cookie中提取用户的RoleId并从数据库中检查用户是否有权访问所请求的操作。 But not sure how it can be done using Claims. 但不确定如何使用Claims来完成。

1 个解决方案

解决方案1
 0 已采纳  2015-12-25 23:10:20

What about something like this: You could use it with a database, or simply maintain a list of authorized roles in the web.config. 诸如此类的事情是什么:您可以将其与数据库一起使用,或者仅在web.config中维护授权角色的列表。 

 [AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
    public class MyCustomAuthorizationAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Do some logic here to pull authorised roles from backing store (AppSettings, MSSQL, MySQL, MongoDB etc)
            ...
            // Check that the user belongs to one or more of these roles 
            bool isUserAuthorized = ....;

            if(isUserAuthorized) 
                return true;

            return base.AuthorizeCore(httpContext);
        }
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用户角色/授权在ASP.NET标识中不起作用 - User Role/Authorization doesn't work in ASP.NET Identity ASP.NET Core 3.1 中基于角色的授权,带有身份和外部登录 - Role based authorization in ASP.NET Core 3.1 with Identity and ExternalLogin 基于角色ID的ASP.Net MVC个人(身份)授权不起作用 - ASP.Net MVC individual (identity) authorization based on role id not working ASP.NET Core Identity的IdentityServer4基于角色的授权=访问被拒绝 - IdentityServer4 Role Based Authorization for ASP.NET Core Identity = Access Denied 使用ASP.net标识禁用基于角色的授权的MVC视图中的输入字段 - Disable Input Fields in MVC View on Role Based Authorization using ASP.net Identity 通过使用JWT令牌在Web API上声明角色授权-Asp.net核心标识 - Authorization by a Claim of a Role on Web API using JWT Token- Asp.net Core Identity IdentityServer4 基于角色的 Web API 授权与 ASP.NET Core 标识 - IdentityServer4 Role Based Authorization for Web API with ASP.NET Core Identity ASP.NET中基于角色的授权 - Role based authorization in asp.net ASP.NET MVC 4中的身份验证和角色授权 - Authentication and role authorization in ASP.NET MVC 4 带有 ASP.NET 标识的自定义授权属性 - Custom Authorization attribute with ASP.NET Identity
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM