ASP.NET Identity Dynamic Role Authorization
As I am new to ASP.NET Identity, I was going through a video on MVA when Jeremy Foster, while demoing, asked how the following can be made dynamic:
    [Authorize(Roles = "Administrators, Users")]
    public ActionResult SomeAction()
    {
        // Access to only admins and users
        return View();
    }
In answer, Adam Tuliper said it could be done using Claims somehow, but I am not finding anything concrete on the Internet, or I might not be understanding. But I would appreciate it if somebody could show me how this can be done.
This is important because later on, I might want to allow SomeAction to be accessed by another Role, and if I need to re-compile and deploy my application for that every time then that is not good. Also I might give the control to users to change access for other types of users.
In the past I have done this by overriding the Authorize attribute, where I extract the user's RoleId from the cookie and check from the database whether the user has access to the action being requested. But I am not sure how it can be done using Claims.
What about something like this: You could use it with a database, or simply maintain a list of authorized roles in the web.config.
    [AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
    public class MyCustomAuthorizationAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Do some logic here to pull authorised roles from backing store (AppSettings, MSSQL, MySQL, MongoDB etc)
            ...
            // Check that the user belongs to one or more of these roles
            bool isUserAuthorized = ....;
            if (isUserAuthorized)
                return true;
            return base.AuthorizeCore(httpContext);
        }
    }
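An added example, not part of the answer above or of ASP.NET Identity itself: a variant of the attribute that reads the allowed roles per action at request time and denies by default. With no Roles or Users set on the attribute, base.AuthorizeCore returns true for any authenticated user, so here it is used only as a precondition. The attribute name and the appSettings key format "Roles:Controller/Action" are assumptions.

```csharp
using System;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical web.config entry this example expects (key format is an assumption):
//   <add key="Roles:Home/SomeAction" value="Administrators, Users" />
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class DynamicRolesAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Precondition only: rejects anonymous users. With no Roles/Users set on the
        // attribute, the base check passes for ANY authenticated user, so it must not
        // be used as the fallback when the role lookup below fails.
        if (!base.AuthorizeCore(httpContext))
            return false;

        var route = httpContext.Request.RequestContext.RouteData;
        string key = "Roles:" + route.GetRequiredString("controller") + "/" + route.GetRequiredString("action");

        // Deny by default: an action with no configured roles is not accessible.
        string configured = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(configured))
            return false;

        // With ASP.NET Identity the principal is a ClaimsPrincipal, so IsInRole
        // is answered from the user's role claims.
        return configured
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Any(role => httpContext.User.IsInRole(role));
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Authenticated but lacking the role: answer 403 instead of redirecting to login.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Editing web.config needs no recompile but does restart the application; a database lookup in place of AppSettings avoids the restart.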