我可以用不同的角色覆盖 asp.net 内核的授权吗?
[英]Can I override Authorizations for asp.net core with different Roles?
问题描述
[Authorize(Roles = "Admin")] // only admin
public class XController : Controller
{
[Authorize(Roles = "Employee")] // only employee
public ActionResult ActionX() { ... }
}
Only admins can access the controller and only employees can access that method, I know that this structure is not the best example but I just would like to know if this is possible: :)
只有管理员可以访问 controller 并且只有员工可以访问该方法,我知道这种结构不是最好的例子,但我只是想知道这是否可能::)
1 个解决方案
解决方案1
3 已采纳 2020-08-18 01:47:10
You absolutely can - but for your own sanity (and other developers) I would switch the Employee role to be at the Controller level (least permissive) and then have the more restrictive authorization on your action-by-action basis.您绝对可以 - 但为了您自己的理智(和其他开发人员),我会将Employee角色切换为Controller级别(最不许可),然后根据您的逐个操作获得更严格的授权。
Straight from the MSDN docs .直接来自MSDN 文档。
You can further limit access by applying additional role authorization attributes at the action level:
[Authorize(Roles = "Administrator, PowerUser")]
public class ControlPanelController : Controller
{
public ActionResult SetTime()
{
}
[Authorize(Roles = "Administrator")]
public ActionResult ShutDown()
{
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.