在asp.net MVC3网页中的经过身份验证的视图和匿名视图之间切换的最佳方法是什么?
[英]What is the best way to switch between authenticated and anonymous views in asp.net MVC3 web pages?
问题描述
I've been playing around with MVC3 for a little while and I'm thinking of putting what I've learned to use now and knocking up a genuine project using it but there's one thing that I've never really seen clearly explained or demonstrated and was hoping I could get a little feedback from the community here on the subject. 
我已经使用MVC3了一段时间,我正在考虑把我现在已经学会使用的东西,并使用它来敲一个真正的项目,但是有一件我从未真正清楚地解释过或展示过的东西希望我能从社区获得一些关于此主题的反馈。 The question is that when you have a page that can be in two states depending on whether the visitor is authenticated, what techniques should I be using to switch between the two states? 问题是,当您的页面可以根据访问者是否通过身份验证而处于两种状态时,我应该使用什么技术在两种状态之间切换? Should each page have two completely independent views and a shared model common to both views or is it best approached with partial views to control the difference between the logged in or anonymous elements? 每个页面应该具有两个完全独立的视图以及两个视图共有的共享模型,还是最好使用部分视图来控制登录元素或匿名元素之间的差异? Or would it be better to have two different models AND two different views and then switch between them at the controller stage? 还是最好有两个不同的模型和两个不同的视图,然后在控制器阶段在它们之间切换?
I can see lots of different ways that I could implement it but I've never really seen any examples or suggestions on a best-practice way of going about it and I haven't built a project big enough yet to serve as a laboratory to find out the hard way, although that IS what I'm about to embark on. 我可以看到很多的,我可以实现它不同的方式,但我从来没有真正看到的绕了一个最佳实践方式的任何实例或建议,我还没有建立一个项目足够大,还没有作为一个实验室找出困难的方法,尽管那是我要着手的。
Does anyone have any stories to tell of ways they have gone about it? 有没有人能讲述自己的经历的故事? Even "Don't do it this way" would be helpful just to thin out some of the options. 甚至“不要这样做”也将有助于减少某些选择。
The reason I ask is that I'd like to make a site that isn't completely crippled until you login and register, it drives me nuts when you can't get past the home page of a site without going through a registration process so I want to be able to serve up a "Lite" version of each page with no user-specific content even if the visitor has not authenticated and then add the extra functionality to the page when they log in. 我问的原因是,我想创建一个在您登录并注册之前不会完全瘫痪的网站,当您不经过注册过程就无法访问网站主页时,它会让我发疯。我希望能够提供每个页面的“精简版”版本,而不包含用户特定的内容,即使访问者尚未通过身份验证,然后在他们登录时向页面添加额外的功能。
I can see other questions on the same subject but they all seem to relate to iOS development so apologies if this question has been asked before but I couldn't see anything that answered my question. 我可以看到同一主题上的其他问题,但是它们似乎都与iOS开发有关,因此如果以前曾问过这个问题,我深表歉意,但我看不到任何答案。
Feedback appreciated, I'd love to hear what works and what doesn't for other people. 感谢您提供反馈,我很想听听对别人有用的东西,对其他人无效的东西。
Edit: A less ambiguous way of asking the question. 编辑:提出问题的一种不太含糊的方法。
On my home page I have a username/password box in the top corner with a "login" button and a paragraph of text in the middle of the home page. 在我的主页上,我在右上角有一个用户名/密码框,其中有一个“登录”按钮,并且在主页中间有一段文本。 When a user enters their username & Password and hits submit I want that "login" control to change to a "Welcome: {username}" message and a logout button and I want the paragraph of text on the homepage to switch to an "authenticated" message. 当用户输入用户名和密码并点击提交时,我希望该“登录”控件更改为“欢迎使用:{username}”消息和一个注销按钮,并且希望主页上的文本段落切换为“已验证” “ 信息。 What I don't know is where to make these changes to the page structure, are these two views? 我不知道要在哪里对页面结构进行这些更改,这是两个视图吗? Authenticated_Homepage and Anonymous_Homepage, do they share a single model or do I just have one homepage view and use partial views for the changing parts, or do I use roles on the controller to return different views? Authenticated_Homepage和Anonymous_Homepage,它们共享一个模型还是只拥有一个主页视图并为更改的部分使用部分视图,还是使用控制器上的角色返回不同的视图?
Just don't know which tools to use for the job to be honest. 说实话,只是不知道要使用哪些工具。
1 个解决方案
解决方案1
0 已采纳
That wouldn't be two Views. 那不是两个观点。 MVC typically uses authentication/authorization actually on the Action method level . MVC通常实际上在Action方法级别使用身份验证/授权。 But in your scenario, you'd do something like this in View code: 但是在您的情况下,您可以在View代码中执行以下操作:
@if(Request.IsAuthenticated) {
<text>Welcome <strong>@User.Identity.Name</strong>!
[ @Html.ActionLink("Log Off", "LogOff", "Account") ]</text>
}
else {
@:[ @Html.ActionLink("Log On", "LogOn", "Account") ]
}
This is pulled directly from an MVC 3 template. 这是直接从MVC 3模板中提取的。 In this case, this is Partial View code that is rendered on the _Layout.cshtml Shared View. 在这种情况下,这是在_Layout.cshtml共享视图上呈现的部分视图代码。 That way this is rendered on each page (think of _Layout as a "master page" if you are coming from a WebForms background). 这样,它将在每个页面上呈现(如果您来自WebForms背景,则将_Layout视为“母版页”)。
All the Partial View code does is test for an authenticated user. Partial View代码所做的所有工作都是针对经过身份验证的用户进行测试。 If it is an authenticated user, then there is a welcome message displayed. 如果它是经过身份验证的用户,则显示欢迎消息。 If it is not though, then there is an ActionLink() to get to the Login Action method in order to have the ability to authorize. 如果不是 ,则有一个ActionLink()可以进入Login Action方法以具有授权能力。
Typically though you'd restrict/allow users/roles to certain Action Methods, here's what you'd do: 通常,尽管您将限制/允许用户/角色使用某些操作方法,但这是您要执行的操作:
public ActionResult EverybodyCanAccess()
{
return View();
}
[Authorize]
public ActionResult OnlyAuthenticatedUsersCanAccess()
{
return View();
}
[Authorize(Roles = "Admin")]
public ActionResult OnlyAdminsCanAccess()
{
return View();
}
[Authorize(Users = "John, Bob")]
public ActionResult OnlyJohnAndBobCanAccess()
{
return View();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.