[英]ASP.NET Identity - How to allow access to ONLY the logged in User?
我有一个StudentController页面,我只想显示当前登录用户的信息。就像现在,当一个学生登录其帐户时,他能够看到大学中所有学生的列表。
我只想将视图限制为他的帐户。 我正在尝试使用Controller中的Index方法,但是当我尝试通过User.Identity.GetUserId() select s;
获取学生时,我遇到了PagedList View的问题User.Identity.GetUserId() select s;
而不是studentRepository.GetStudents()
。
// GET: /Student/
public ViewResult Index(string sortOrder, string currentFilter, string searchString, int? page)
{
ViewBag.CurrentSort = sortOrder;
ViewBag.NameSortParm = String.IsNullOrEmpty(sortOrder) ? "name_desc" : "";
ViewBag.DateSortParm = sortOrder == "Date" ? "date_desc" : "Date";
if (searchString != null)
{
page = 1;
}
else
{
searchString = currentFilter;
}
ViewBag.CurrentFilter = searchString;
//var students = from s in User.Identity.GetUserId() select s;
var students = from s in studentRepository.GetStudents()
select s;
if (!String.IsNullOrEmpty(searchString))
{
students = students.Where(s => s.LastName.ToUpper().Contains(searchString.ToUpper())
|| s.FirstMidName.ToUpper().Contains(searchString.ToUpper()));
}
switch (sortOrder)
{
case "name_desc":
students = students.OrderByDescending(s => s.LastName);
break;
case "Date":
students = students.OrderBy(s => s.EnrollmentDate);
break;
case "date_desc":
students = students.OrderByDescending(s => s.EnrollmentDate);
break;
default: // Name ascending
students = students.OrderBy(s => s.LastName);
break;
}
int pageSize = 3;
int pageNumber = (page ?? 1);
return View(students.ToPagedList(pageNumber, pageSize));
}
//
// GET: /Student/Details/5
public ViewResult Details(int id)
{
Student student = studentRepository.GetStudentByID(id);
return View(student);
}
您可以在linq查询中放置where子句,以仅显示该学生的信息:
var loggedInStudentId = User.Identity.GetUserId();
from s in studentRepository.GetStudents()
where s.StudentId == loggedInStudentId
select s
您可以检查用户是否不是管理员,然后仅显示自己的记录,例如:
var students = from s in studentRepository.GetStudents()
select s;
if(!User.IsInRole("Admin"))
{
var loggedInStudentId = User.Identity.GetUserId();
students = students.Where(x=>x.StudentId = loggedInStudentId);
}
尝试这样的事情:
var students = from s in studentRepository.GetStudents()
where s.Id = User.Identity.GetUserId()
select s;
您将必须使用学生使用的任何与GetUserId()匹配的标识列,例如,我在此处输入s.Id
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.