[英]Can I override Authorizations for asp.net core with different Roles?
[Authorize(Roles = "Admin")] // only admin
public class XController : Controller
{
[Authorize(Roles = "Employee")] // only employee
public ActionResult ActionX() { ... }
}
Only admins can access the controller and only employees can access that method, I know that this structure is not the best example but I just would like to know if this is possible: :)只有管理员可以访问 controller 并且只有员工可以访问该方法,我知道这种结构不是最好的例子,但我只是想知道这是否可能::)
You absolutely can - but for your own sanity (and other developers) I would switch the Employee
role to be at the Controller
level (least permissive) and then have the more restrictive authorization on your action-by-action basis.您绝对可以 - 但为了您自己的理智(和其他开发人员),我会将
Employee
角色切换为Controller
级别(最不许可),然后根据您的逐个操作获得更严格的授权。
Straight from the MSDN docs .直接来自MSDN 文档。
You can further limit access by applying additional role authorization attributes at the action level:
您可以通过在操作级别应用其他角色授权属性来进一步限制访问:
[Authorize(Roles = "Administrator, PowerUser")]
public class ControlPanelController : Controller
{
public ActionResult SetTime()
{
}
[Authorize(Roles = "Administrator")]
public ActionResult ShutDown()
{
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.