How to check user permission Role Access before executing a method in ASP.NET MVC4
I have edited my question and here is the code which I used for implementing the authentication.

Class which inherits AuthorizeAttribute.

    using System.Web;
    using System.Web.Mvc;

    public class FBxAuth : AuthorizeAttribute
    {
        public FBxAuth()
            : base()
        {
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            bool isAuthenticated = false;
            if (httpContext.User.Identity.IsAuthenticated)
            {
                // here I will check users exists in database.
                // if yes , isAuthenticated=true;
            }
            return isAuthenticated;
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.HttpContext.Response.Redirect("/home/Register/?returningURL=" +
                filterContext.HttpContext.Server.UrlEncode(filterContext.HttpContext.Request.Url.ToString()));
        }
    }

My controller

    [FBxAuth]
    public ActionResult Index()
    {
        teamDA = new TeamDataAccess();
        var teams = teamDA.TeamsList();
        return View(teams);
    }

2. How can I check the authenticated user is authorized to execute an action in the controller? For e.g.: delete.

www.abc.com/teams/5/delete will perform delete. I can hide the delete link from the UI. But if a user tries to delete by giving the URL mentioned above, how can I prevent him from executing the action?
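You have to do the same as you did with the Index action: just add the [FBxAuth] or the common [Authorize] attribute to the actions that you want to be accessible only to authenticated users.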
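
An added example, not part of the original question or answer: a server-side role check on the delete action, so that a hand-typed URL is refused even when the link is hidden in the UI. The names `RoleAuthAttribute`, `DeleteTeam` and the role `"TeamAdmin"` are hypothetical, `TeamDataAccess` is stubbed here, and the user's roles are assumed to be available through the principal's `IsInRole` (for example via a role provider).

```csharp
using System.Web.Mvc;

// Hypothetical attribute; the role check itself is the built-in Roles logic of AuthorizeAttribute.
public class RoleAuthAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Signed in but lacking the role: answer 403 instead of
            // bouncing the user to a login or register page.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
        else
        {
            // Anonymous caller: default 401, which forms authentication turns into a login redirect.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Stub standing in for the page's data access class; DeleteTeam is an assumed method.
public class TeamDataAccess
{
    public void DeleteTeam(int id) { /* delete the row for this id */ }
}

public class TeamsController : Controller
{
    // The filter runs on the server for every request, so typing the URL by hand
    // gets the same answer as clicking a link that the view hid.
    [HttpPost]                       // state change only via POST, not a plain GET link
    [ValidateAntiForgeryToken]       // the form must include @Html.AntiForgeryToken()
    [RoleAuth(Roles = "TeamAdmin")]  // "TeamAdmin" is an assumed role name
    public ActionResult Delete(int id)
    {
        new TeamDataAccess().DeleteTeam(id);
        return RedirectToAction("Index");
    }
}
```

The same `IsInRole` test can decide whether the view renders the delete link at all, but the attribute on the action is what enforces the rule.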