堆栈内存溢出
  简体   繁体   English

ASP .NET 4.7 MVC身份验证和授权标识

[英]ASP .NET 4.7 MVC Authentication and Authorization Identity

 原文  2018-07-07 15:54:47       c#/ asp.net/ security/ asp.net-web-api

问题描述

I am creating a MVC web API. 我正在创建一个MVC Web API。 The endpoints will be hidden behind authentication via a custom token. 端点将通过自定义令牌隐藏在身份验证后面。 However, there will also be scoping on certain individual endpoints, access to admins etc. I am trying to figure out how to create a user, or, when the user is authenticated to set him so in the authorization filter I can verify if he is an admin, or if he has read access to that particular resource at that endpoint. 但是,在某些单个端点上还将进行范围界定,访问管理员等。我试图弄清楚如何创建用户,或者,当用户通过身份验证来设置用户时,因此可以在授权过滤器中验证他是否管理员,或者他是否对该端点上的特定资源具有读取权限。

What is the best way to do this, can I set the identity principal in the authentication filter, or is there a better way ? 最好的方法是什么,可以在身份验证过滤器中设置身份主体,还是有更好的方法?

1 个解决方案

解决方案1
 1 已采纳  2018-07-07 20:29:03

you can used the [Authorize] Attribute my friend , 您可以使用[Authorize]属性我的朋友,

first : add the AuthorizeAttribute filter to the global filter list: 首先:将AuthorizeAttribute过滤器添加到全局过滤器列表中: 

 public static void Register(HttpConfiguration config)
    {
        config.Filters.Add(new AuthorizeAttribute());
    }

second : to secure your controller ,add the filter as an attribute to the controller 第二:为了保护您的控制器,请将过滤器作为属性添加到控制器 

// Require authorization for all actions on the controller.
[Authorize]
public class ValuesController : ApiController
{
    public HttpResponseMessage Get(int id) { ... }
    public HttpResponseMessage Post() { ... }
}

three to secure your action , add the attribute to the action method: 为了保护您的操作,请在属性中添加三个属性: 

public class ValuesController : ApiController
{
    public HttpResponseMessage Get() { ... }

    // Require authorization for a specific action.
    [Authorize]
    public HttpResponseMessage Post() { ... }
}

i advise you to visit this 2 link can help you more: 我建议您访问此2链接可以为您提供更多帮助:

Authentication and Authorization in ASP.NET Web API ASP.NET Web API中的身份验证和授权
MVC Web API: Authorization & Authentication MVC Web API:授权和身份验证

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在没有身份的asp.net MVC中实现自定义身份验证/授权? - How can I implement custom authentication/authorization in asp.net MVC without Identity? ASP.Net MVC 6身份验证和授权 - ASP.Net MVC 6 authentication and authorization ASP.NET MVC 4中的身份验证和角色授权 - Authentication and role authorization in ASP.NET MVC 4 ASP.NET MVC 4中的身份验证和授权 - Authentication and authorization in ASP.NET MVC 4 ASP.Net MVC要求授权和身份验证 - ASP.Net MVC claims authorization and authentication ASP.NET MVC中的身份cookie身份验证 - Identity cookie authentication in ASP.NET MVC 在ASP.NET中使用Identity 2.1进行用户身份验证和授权 - Using Identity 2.1 in ASP.NET for Authentication and Authorization of users 带有ASP.NET CORE 1.0的Identity Server 3身份验证/授权 - Identity Server 3 Authentication/Authorization, with ASP.NET CORE 1.0 如何在ASP Net 4.7 MVC应用程序中获取Identity Server 4的access_token - How to get Identity Server 4's access_token in ASP Net 4.7 MVC Application ASP.NET MVC5中的自定义身份验证和授权? - Custom authentication and authorization in ASP.NET MVC5?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM