如何基于用户/凭据在Web API中动态显示控制器
[英]how to display controllers dynamically in web api based on user/credentials
问题描述
I have a web api with four controllers.From the four controllers,i need to give a user access to only that one controller but ensure other users are able to access the remaining controllers. 
我有一个包含四个控制器的Web API。从这四个控制器中,我需要授予用户仅对该一个控制器的访问权限,但要确保其他用户可以访问其余的控制器。
I have used [ApiExplorerSettings(IgnoreApi = true)] attribute but wanted to have a better way to manage the controllers dynamically.The web api is accessed by two different users and i want one of the users to access only a certain controller only.Any idea how to do this? 我使用了[ApiExplorerSettings(IgnoreApi = true)]属性,但希望有一种更好的动态管理控制器的方法。Webapi被两个不同的用户访问,我希望其中一个用户只能访问某个控制器。想法该怎么做?
1 个解决方案
解决方案1
1 2017-04-26 17:43:47
You can specify users and roles in the Authorize attribute on your controllers and actions. 您可以在控制器和操作的Authorize属性中指定用户和角色。 For example: 例如:
// Restrict by user:
[Authorize(Users="Alice,Bob")]
public class ValuesController : ApiController
{
}
// Restrict by role:
[Authorize(Roles="Administrators")]
public class ValuesController : ApiController
{
}
These can be places at the class level or at the action method level. 这些可以放置在类级别或操作方法级别。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.