堆栈内存溢出
  简体   繁体   English

c#RoleProvider登录具有特定角色

[英]c# RoleProvider login with specific role

 原文  2012-08-06 11:13:53       c#/ roleprovider/ role

问题描述

I try to implement a login for my application. 我尝试为我的应用程序实现登录。 The user can have multiple roles (Viewer, Operator, Admin etc.). 用户可以具有多个角色(查看器,操作员,管理员等)。 But he has to choose a certain role that with which he wants to get logged in, so he probably has administratior prviliges but he can login as a "Viewer" with no admin rights. 但是他必须选择要登录的特定角色,因此他可能具有管理员权限,但可以以“查看者”的身份登录,没有管理员权限。

The problem is now that if I try to secure some functions with the RequiredRole attribute for an administrator, the user should not be able to access this function if he is logged in as viewer, even if he would have administrator rights. 现在的问题是,如果我尝试使用管理员的RequiredRole属性保护某些功能,则即使以管理员身份登录的用户也无法访问该功能。

Is such a beaviour supported from the framework or has anyone done something similar before? 框架是否支持这种行为?以前是否有人做过类似的事情?

Thanks anyway for your help 仍然感谢您的帮助

1 个解决方案

解决方案1
 0 已采纳  2012-08-06 11:26:48

You've not specified what you want to happen when he tries to do something that requires Admin when he's logged in as Viewer, but since you can implement your own Role Provider, this is easy to do. 您尚未指定当他尝试以Admin身份作为Viewer登录时尝试执行需要Admin的操作时要发生的事情,但是由于您可以实现自己的Role Provider,因此很容易做到。

You should be able to store something in the session or your user principal object stating the "available roles" (some of them won't be able to pick Administrator, for example) and then another one for Selected Role. 您应该能够在会话或用户主体对象中存储一些说明“可用角色”的内容(例如,其中一些不能选择管理员),然后再存储一个用于“选定角色”。 All you'd need to do is put some page into your site to allow the user to select their current role. 您需要做的就是在您的站点中放置一些页面,以允许用户选择其当前角色。

Since you'd be using your own Role Provider, you can just implement this to pull the relevant information out of the Session (or the User Principal) when checking roles. 由于您将使用自己的角色提供程序,因此您可以实施此操作以在检查角色时从会话(或用户主体)中提取相关信息。 You'll still be able to use the RequiredRole attribute as you like. 您仍然可以根据需要使用RequiredRole属性。

There are a few examples around of how you can change the behaviour from redirecting you to the logon form when you don't have access to redirect you to a 403 page (eg With ASP.NET membership, how can I show a 403? ). 周围有一些示例,说明当您无权将您重定向到403页面时如何更改行为(从重定向到登录表单)(例如, 使用ASP.NET成员身份,我如何显示403? ) 。 You could then show something on this page which would allow the user to switch to a higher role if they have one available. 然后,您可以在此页面上显示某些内容,如果有空的话,该页面允许用户切换到更高的角色。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 c#基于角色的登录 - c# role based login RoleProvider在C#Framework 4.0中不再可用吗? - Is RoleProvider not longer available in C# Framework 4.0? 通过单击 MVC-4 C# 中的角色列出特定角色中的用户 - List The Users in a specific Role by clicking on role in MVC-4 C# C#Active Directory,登录特定OU - C# Active Directory, Login in a specific OU 登录时获取特定列的值(C# Mysql) - Get Value of specific Column while Login (C# Mysql) 如何根据用户在Asp.net C#中的角色将用户从登录页面重定向到下一页 - how to redirect user from login page to next page base on their Role in Asp.net C# 使用c#将用户匹配到角色 - Match a User to a Role with c# MongoDB C#创建角色? - MongoDB c# create role? 只读角色c#mvc - Readonly role c# mvc 我如何确定任意DOMAIN \\ username是否在C#中扮演特定角色? - How do I find out if an arbitrary DOMAIN\username is in a specific role with C#?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM