Asp.net mvc Identity. Logic of limiting authentications
Suppose, I have two models:
    using System;
    using System.Collections.Generic;
    class Customer {
        public Guid CustomerID { get; set; }
        // users who are allowed access for this customer
        public IEnumerable<User> SubscribedUsers { get; set; }
        //other fields
    }
and
    class User {
        public Guid UserID { get; set; }
        //other fields
    }
I want to implement BL with ASP.NET Identity for limitation of authorization: if user is in SubscribedUsers - Access is granted else - denied.
I don't ask you to implement it for me. Just give me best practice how can I do it and where I can write this wrap of business logic...
I think I have to implement custom OAuthAuthorizationServerProvider, have I?
I think the easiest way is to add a new Claim ( https://docs.microsoft.com/en-us/aspnet/core/security/authorization/claims ). Call it SubscribedOnly and add this claim to the specified user ( How to add claims in ASP.NET Identity )
In general I would try to find a built-in possibility to solve your problem, before you try to overwrite something.
The authorization-logic will be placed in your controller. You can put this attribute [Authorize] on top of your Controller (which means that every ActionMethod is only available for logged in users) or on top of every ActionMethod whose access should be secured.
Working with this attribute is very easy and straightforward for a wide range of implementations!!
If you're looking for a good resource to understand identity or to customize it, I'll recommend John Atten's blog: http://johnatten.com/?s=identity
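The claim-plus-attribute approach described in the answer above, as an added example that is not part of the original post or either participant's code. It assumes ASP.NET MVC 5 with ASP.NET Identity 2 and string user ids; `SubscriptionClaims`, `SubscribedOnlyAttribute` and the use of the CustomerID as the claim value are hypothetical choices made for illustration.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;

// Added example; assumes MVC 5 + Identity 2. All type names here are hypothetical.
public static class SubscriptionClaims
{
    // Claim type named in the answer; the value (an assumption) is the CustomerID.
    public const string ClaimType = "SubscribedOnly";

    // Call when a user is added to Customer.SubscribedUsers.
    public static Task<IdentityResult> GrantAsync<TUser>(
        UserManager<TUser> users, string userId, Guid customerId)
        where TUser : class, IUser<string>
    {
        return users.AddClaimAsync(userId, new Claim(ClaimType, customerId.ToString("D")));
    }

    // Call when the user is removed, so later sign-ins no longer carry the claim.
    public static Task<IdentityResult> RevokeAsync<TUser>(
        UserManager<TUser> users, string userId, Guid customerId)
        where TUser : class, IUser<string>
    {
        return users.RemoveClaimAsync(userId, new Claim(ClaimType, customerId.ToString("D")));
    }
}

// [SubscribedOnly] on a controller or action: logged in AND holding the claim.
public sealed class SubscribedOnlyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!base.AuthorizeCore(httpContext)) return false; // not authenticated
        var principal = httpContext.User as ClaimsPrincipal;
        return principal != null && principal.HasClaim(c => c.Type == SubscriptionClaims.ClaimType);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Authenticated but not subscribed: answer 403 rather than redirect to login.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Claims are copied into the cookie or bearer token at sign-in, so a user removed from SubscribedUsers keeps access until that cookie or token is reissued or expires.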