[英]Securing controller action in ASP.NET MVC
In ASP.NET MVC 2, to secure controller action, i have created a class RequirePermission
inherited from ActionFilterAttribute
class. 在ASP.NET MVC 2中,为了保护控制器动作,我创建了一个从
ActionFilterAttribute
类继承的RequirePermission
类。 The controller action looks like 控制器动作看起来像
[RequirePermission(permissions="CanView")]
public ActionResult List()
{
...
}
I have an enum with name Permissions
我有一个名称为
Permissions
的枚举
public enum Permissions { CanDoEdit, CanView, CanInsert }
The RequirePermission
class looks like RequirePermission
类看起来像
public class RequirePermission : ActionFilterAttribute
{
public string permissions;
string[] param = { "," };
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
string[] requirePermissions = permissions.Split(param, StringSplitOptions.RemoveEmptyEntries);
if (requirePermissions.Contains(Permissions.CanDoEdit.ToString()))
{
//Check permission
}
if (requirePermissions.Contains(Permissions.CanView.ToString()))
{
//Check permission
}
if (requirePermissions.Contains(Permissions.CanInsert.ToString()))
{
//Check permission
}
}
}
Now instead of making different attributes , I want to use RequirePermission
attribute like [RequirePermission(permissions=Permissions.CanView+","+Permissions.CanEdit)]
so that i can use it for different scenerious. 现在,我不使用其他属性,而是要使用
RequirePermission
属性,例如[RequirePermission(permissions=Permissions.CanView+","+Permissions.CanEdit)]
以便可以将其用于不同的场景。 but the compiler throw the following error. 但是编译器抛出以下错误。
An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type 属性参数必须是属性参数类型的常量表达式,typeof表达式或数组创建表达式
How about: 怎么样:
[Flags]
public enum Permissions
{
CanDoEdit = 1 << 0,
CanView = 1 << 1,
CanInsert = 1 << 2
}
And then: 接着:
[RequirePermission(permissions = Permissions.CanView & Permissions.CanEdit)]
And finally to verify that CanView is set: 最后验证是否设置了CanView:
if ((requirePermissions & Permissions.CanView) == Permissions.CanView)
{
// The user has CanView permission
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.