[英]How to deny access only one area in .net MVC?
I'm trying to deny only one area using .Net MVC 4 and I'm not getting results. 我试图使用.Net MVC 4仅拒绝一个区域,但没有得到结果。 What happens is when I put <authentication mode="Forms" />
in web.config everything is denied: all the site and is not what I want, I only want to deny the admin area. 当我将<authentication mode="Forms" />
放在web.config中时,会发生什么事情,所有内容都被拒绝:所有站点,不是我想要的,我只想拒绝管理区域。
I put the AuthorizeAttribute
in BaseController
of my Admin area, still not working: 我将AuthorizeAttribute
放在我的管理区域的BaseController
中,仍然无法正常工作:
public class AutenticarAdminAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result = new RedirectResult("~/admin/login");
}
}
}
Global.asax: filters.Add(new AutenticarAdminAttribute());
Global.asax: filters.Add(new AutenticarAdminAttribute());
If I remove <authentication mode="Forms" />
from web.config the AuthorizeAttribute
do not do the work, IsAuthenticated
is always true. 如果我从web.config中删除<authentication mode="Forms" />
, AuthorizeAttribute
不起作用,则IsAuthenticated
始终为true。
And when I put again <authentication mode="Forms" />
in web.config everything is denied. 当我再次在web.config中放入<authentication mode="Forms" />
,一切都被拒绝。
I'm not able to restrict only a area, how do? 我不能只限制一个区域,怎么办?
BaseController in Admin Area: 管理区域中的BaseController:
[AutenticarAdmin]
public class BaseController : Controller
{
public BaseController()
{
}
}
DefaultAdminController in Admin Area: 管理区域中的DefaultAdminController:
public class DefaultController : BaseController
{
public ActionResult Index()
{
return View();
}
}
Public Controller: 公共主管:
public class DefaultController : Controller
{
public ActionResult Index()
{
return View();
}
}
You are overriding OnAuthorization method and inside checking if user is IsAuthenticated. 您将覆盖OnAuthorization方法,并在内部检查用户是否为IsAuthenticated。
Authorisation and Authentication are 2 different things ! 授权和认证是两件事!
With regards to authentication, you can set default redirect url and login url in .config file (in authentication tag). 关于身份验证,您可以在.config文件(在身份验证标签中)中设置默认重定向URL和登录URL。
Hope that helps. 希望能有所帮助。
Remove filters.Add(new AutenticarAdminAttribute());
删除filters.Add(new AutenticarAdminAttribute());
from your global.asax. 从您的global.asax。 Registering global filter it will be the same as put the Attribute in all controllers of your application. 注册全局过滤器将与将属性放入应用程序的所有控制器中相同。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.