Securing controller action in ASP.NET MVC

In ASP.NET MVC 2, to secure a controller action, I have created a class RequirePermission inherited from the ActionFilterAttribute class. The controller action looks like

    [RequirePermission(permissions="CanView")]
    public ActionResult List()
    {
       ...
    }

I have an enum with the name Permissions

public enum Permissions { CanDoEdit, CanView, CanInsert }

The RequirePermission class looks like

public class RequirePermission : ActionFilterAttribute
{
    public string permissions;
    string[] param = { "," };

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        string[] requirePermissions = permissions.Split(param, StringSplitOptions.RemoveEmptyEntries);

        if (requirePermissions.Contains(Permissions.CanDoEdit.ToString()))
        {
            //Check permission
        }
        if (requirePermissions.Contains(Permissions.CanView.ToString()))
        {
            //Check permission
        }
        if (requirePermissions.Contains(Permissions.CanInsert.ToString()))
        {
            //Check permission
        }
    }
}

Now, instead of making different attributes, I want to use the RequirePermission attribute like [RequirePermission(permissions=Permissions.CanView+","+Permissions.CanEdit)] so that I can use it for different scenarios. But the compiler throws the following error.

An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type

How about:

[Flags]
public enum Permissions 
{ 
    CanDoEdit = 1 << 0, 
    CanView = 1 << 1,
    CanInsert = 1 << 2
}

And then:

[RequirePermission(permissions = Permissions.CanView | Permissions.CanDoEdit)]

And finally to verify that CanView is set:

if ((requirePermissions & Permissions.CanView) == Permissions.CanView)
{
    // The user has CanView permission
}
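
The flags approach from the answer above, assembled into one filter that denies the request when the user lacks any required permission. This is an added example, not code from the original posts; it assumes an ASP.NET MVC project referencing System.Web.Mvc, and the `GetGrantedPermissions` helper, the `None` member, the role names and `ItemsController` are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web.Mvc;

[Flags]
public enum Permissions { None = 0, CanDoEdit = 1 << 0, CanView = 1 << 1, CanInsert = 1 << 2 }

public class RequirePermission : ActionFilterAttribute
{
    // An enum-typed public field is a valid named attribute argument, and
    // "A | B" on enum constants is itself a compile-time constant expression.
    public Permissions permissions;

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        Permissions granted = GetGrantedPermissions(filterContext.HttpContext.User);

        // Fail closed: an attribute that names no permission is treated as a
        // misconfiguration, because (granted & 0) == 0 holds for every user.
        bool allowed = permissions != Permissions.None
                       && (granted & permissions) == permissions;

        if (!allowed)
        {
            // Setting Result short-circuits the pipeline; the action body never runs.
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }

    // Hypothetical mapping (assumption): role names are constructed for this example.
    private static Permissions GetGrantedPermissions(IPrincipal user)
    {
        Permissions granted = Permissions.None;
        if (user == null || !user.Identity.IsAuthenticated) return granted;
        if (user.IsInRole("Viewer")) granted |= Permissions.CanView;
        if (user.IsInRole("Editor")) granted |= Permissions.CanView | Permissions.CanDoEdit;
        return granted;
    }
}

public class ItemsController : Controller
{
    // Requires both flags; a user holding only CanView gets a 401.
    [RequirePermission(permissions = Permissions.CanView | Permissions.CanDoEdit)]
    public ActionResult List() { return View(); }
}
```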
