具有角色的C#MVC简单自定义身份验证
[英]C# MVC Simple Custom Authentication with Roles
问题描述
TL;DR 
TL; DR
EDit 编辑
Basically, I just want to tell to some function : Ok, I've checked this user my self, he's ok. 基本上,我只想告诉一些功能:好的,我已经检查了这个用户的自我,他很好。 Now store some arbitrary data about him and create a session for him that gives him permissions to access certain parts of my app. 现在,存储有关他的任意数据,并为他创建一个会话,授予他访问我应用程序某些部分的权限。
something of this sort : 这种东西:
logInUserFrameworkFunction(new UserStruct(int id, string username, RolesEnum[] roles));
And than everything is handled in the background to make [Authorize(Roles = RolesEnum.Admin | RolesEnum.Manager)] attribute work. 而且,所有事情都在后台处理,以使[Authorize(Roles = RolesEnum.Admin | RolesEnum.Manager)]属性起作用。
I could make this with sessions my self but I would like to skip that part :D 我可以自己做一些会话,但是我想跳过那一部分:D
I'm playing with MVC and Entity Framework, and now I'd like to implement simple user authentication with roles. 我正在玩MVC和Entity Framework,现在我想用角色实现简单的用户身份验证。
I have User class / table in my database that looks something like this : 我的数据库中有User类/表,看起来像这样:
public class User {
int ID;
string Email;
string Password;
Role Role;
...
}
And Role class that looks like this : 和Role类看起来像这样:
public class Role {
int ID;
RoleType Type; // this is an Enum
}
public Enum RoleType {
visitor, employee, admin
}
Now, checking in login controller if user with specified username and password exists is easy, I just do something like this : 现在,在登录控制器中检查是否存在具有指定用户名和密码的用户很容易,我只是这样做:
[HttpPost]
public ActionResult LogIn(LogIn login) {
// If credentials are valid
if(new UserManager().IsValid(login.Username, login.Password)) {
var user = db.getUserByEmail(login.Username);
...
I could easily store user ID and Role in session and than check credentials by calling some function on every relevant controller but I want to use some of C# and MVC features. 我可以轻松地在会话中存储用户ID和Role ,然后通过在每个相关控制器上调用某些function来检查凭据,但是我想使用某些C#和MVC功能。
Thing is that I would rather do it with attributes, but I'm not sure how. 事情是我宁愿使用属性来做,但是我不确定如何做。
This is what I imagined it would look like : 这就是我想象的样子:
[Roles(RoleType.visitor, RoleType.employee)]
public ActionResult SomeProtectedAction() {
// only employee and visitor can access this,
// others get redirected to where ever
...
}
1 个解决方案
解决方案1
1 2016-06-24 23:55:35
You can authorize using Roles like this: 您可以使用以下角色进行授权:
[Authorize(Roles= MyEnum.Admin | MyEnum.Moderator)]
public ActionResult myAction()
{
}
The Authorize attribute is here applied at controller level, but you can apply it only to action methods, depending on your needs. 这里的Authorize属性在控制器级别应用,但是您可以根据需要将其仅应用于操作方法。
Provided you have setup your authentication logic correctly (ASP.NET Identity) which will return an authentication cookie including user roles. 只要您正确设置了身份验证逻辑(ASP.NET身份),它将返回一个包含用户角色的身份验证cookie。 Now after successful login, if you make a request to a controller method, the cookie is unpacked in the background and the User property this.User is filled with this data including roles of that user. 现在,成功登录后,如果您向控制器方法发出请求,则cookie将在后台解压缩,而User属性this.User被填充此数据(包括该用户的角色)。
The authorize attribute will do the check for you automatically. authorize属性将自动为您进行检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.