
How to deny access to only one area in .NET MVC?

I'm trying to deny access to only one area using .NET MVC 4 and I'm not getting results. What happens is that when I put <authentication mode="Forms" /> in web.config, everything is denied: the whole site, which is not what I want. I only want to deny the admin area.

I put the AuthorizeAttribute in the BaseController of my Admin area, still not working:

    public class AutenticarAdminAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                filterContext.Result = new RedirectResult("~/admin/login");
            }
        }
    }

Global.asax: filters.Add(new AutenticarAdminAttribute());

If I remove <authentication mode="Forms" /> from web.config, the AuthorizeAttribute does not do the work; IsAuthenticated is always true.

And when I put <authentication mode="Forms" /> in web.config again, everything is denied.

I'm not able to restrict only one area. How do I do it?

BaseController in Admin Area:

    [AutenticarAdmin]
    public class BaseController : Controller
    {
        public BaseController()
        {
        }
    }

DefaultAdminController in Admin Area:

    public class DefaultController : BaseController
    {
        public ActionResult Index()
        {
            return View();
        }
    }

Public Controller:

    public class DefaultController : Controller
    {
        public ActionResult Index()
        {
            return View();
        }
    }

You are overriding the OnAuthorization method and, inside it, checking whether the user IsAuthenticated.

Authorisation and Authentication are 2 different things!

With regards to authentication, you can set the default redirect URL and login URL in the .config file (in the authentication tag).

Hope that helps.

Remove filters.Add(new AutenticarAdminAttribute()); from your global.asax. Registering a global filter is the same as putting the attribute on all controllers of your application.
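An added example, not code from the original posts, of the arrangement the answers point to: the filter is not registered globally, only the Admin area's BaseController carries it, and the redirect to ~/admin/login happens in HandleUnauthorizedRequest so that [AllowAnonymous] on the login action is still honoured. The MyApp namespace, the LoginController name and the assumption that ~/admin/login routes to its Index action are hypothetical.

```csharp
using System.Web.Mvc;

// App_Start/FilterConfig.cs: nothing area-specific is registered globally,
// because a global filter runs for every controller in the application.
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        // No filters.Add(new AutenticarAdminAttribute()) here.
    }
}

// The base class still performs the authorization check and honours
// [AllowAnonymous]; this override only decides what a rejected request gets.
public class AutenticarAdminAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectResult("~/admin/login");
    }
}

namespace MyApp.Areas.Admin.Controllers   // assumed namespace
{
    // Every Admin controller inherits the attribute from here.
    [AutenticarAdmin]
    public class BaseController : Controller { }

    public class DefaultController : BaseController
    {
        public ActionResult Index() { return View(); }
    }

    // Hypothetical login controller: it lives in the protected area, so the
    // login action must opt out or the redirect would loop back to itself.
    public class LoginController : BaseController
    {
        [AllowAnonymous]
        public ActionResult Index() { return View(); }
    }
}
```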
