[英]ASP.NET Identity - How to allow access to ONLY the logged in User?
我有一個StudentController頁面,我只想顯示當前登錄用戶的信息。就像現在,當一個學生登錄其帳戶時,他能夠看到大學中所有學生的列表。
我只想將視圖限制為他的帳戶。 我正在嘗試使用Controller中的Index方法,但是當我嘗試通過User.Identity.GetUserId() select s;
獲取學生時,我遇到了PagedList View的問題User.Identity.GetUserId() select s;
而不是studentRepository.GetStudents()
。
// GET: /Student/
public ViewResult Index(string sortOrder, string currentFilter, string searchString, int? page)
{
ViewBag.CurrentSort = sortOrder;
ViewBag.NameSortParm = String.IsNullOrEmpty(sortOrder) ? "name_desc" : "";
ViewBag.DateSortParm = sortOrder == "Date" ? "date_desc" : "Date";
if (searchString != null)
{
page = 1;
}
else
{
searchString = currentFilter;
}
ViewBag.CurrentFilter = searchString;
//var students = from s in User.Identity.GetUserId() select s;
var students = from s in studentRepository.GetStudents()
select s;
if (!String.IsNullOrEmpty(searchString))
{
students = students.Where(s => s.LastName.ToUpper().Contains(searchString.ToUpper())
|| s.FirstMidName.ToUpper().Contains(searchString.ToUpper()));
}
switch (sortOrder)
{
case "name_desc":
students = students.OrderByDescending(s => s.LastName);
break;
case "Date":
students = students.OrderBy(s => s.EnrollmentDate);
break;
case "date_desc":
students = students.OrderByDescending(s => s.EnrollmentDate);
break;
default: // Name ascending
students = students.OrderBy(s => s.LastName);
break;
}
int pageSize = 3;
int pageNumber = (page ?? 1);
return View(students.ToPagedList(pageNumber, pageSize));
}
//
// GET: /Student/Details/5
public ViewResult Details(int id)
{
Student student = studentRepository.GetStudentByID(id);
return View(student);
}
您可以在linq查詢中放置where子句,以僅顯示該學生的信息:
var loggedInStudentId = User.Identity.GetUserId();
from s in studentRepository.GetStudents()
where s.StudentId == loggedInStudentId
select s
您可以檢查用戶是否不是管理員,然后僅顯示自己的記錄,例如:
var students = from s in studentRepository.GetStudents()
select s;
if(!User.IsInRole("Admin"))
{
var loggedInStudentId = User.Identity.GetUserId();
students = students.Where(x=>x.StudentId = loggedInStudentId);
}
嘗試這樣的事情:
var students = from s in studentRepository.GetStudents()
where s.Id = User.Identity.GetUserId()
select s;
您將必須使用學生使用的任何與GetUserId()匹配的標識列,例如,我在此處輸入s.Id
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.