ASP.NET身份-如何僅允許訪問已登錄的用戶?
[英]ASP.NET Identity - How to allow access to ONLY the logged in User?
問題描述
我有一個StudentController頁面,我只想顯示當前登錄用戶的信息。就像現在,當一個學生登錄其帳戶時,他能夠看到大學中所有學生的列表。
我只想將視圖限制為他的帳戶。 我正在嘗試使用Controller中的Index方法,但是當我嘗試通過User.Identity.GetUserId() select s;獲取學生時,我遇到了PagedList View的問題User.Identity.GetUserId() select s; 而不是studentRepository.GetStudents() 。
// GET: /Student/
public ViewResult Index(string sortOrder, string currentFilter, string searchString, int? page)
{
ViewBag.CurrentSort = sortOrder;
ViewBag.NameSortParm = String.IsNullOrEmpty(sortOrder) ? "name_desc" : "";
ViewBag.DateSortParm = sortOrder == "Date" ? "date_desc" : "Date";
if (searchString != null)
{
page = 1;
}
else
{
searchString = currentFilter;
}
ViewBag.CurrentFilter = searchString;
//var students = from s in User.Identity.GetUserId() select s;
var students = from s in studentRepository.GetStudents()
select s;
if (!String.IsNullOrEmpty(searchString))
{
students = students.Where(s => s.LastName.ToUpper().Contains(searchString.ToUpper())
|| s.FirstMidName.ToUpper().Contains(searchString.ToUpper()));
}
switch (sortOrder)
{
case "name_desc":
students = students.OrderByDescending(s => s.LastName);
break;
case "Date":
students = students.OrderBy(s => s.EnrollmentDate);
break;
case "date_desc":
students = students.OrderByDescending(s => s.EnrollmentDate);
break;
default: // Name ascending
students = students.OrderBy(s => s.LastName);
break;
}
int pageSize = 3;
int pageNumber = (page ?? 1);
return View(students.ToPagedList(pageNumber, pageSize));
}
//
// GET: /Student/Details/5
public ViewResult Details(int id)
{
Student student = studentRepository.GetStudentByID(id);
return View(student);
}
2 個解決方案
解決方案1
2 已采納 2017-02-24 15:36:46
您可以在linq查詢中放置where子句,以僅顯示該學生的信息:
var loggedInStudentId = User.Identity.GetUserId();
from s in studentRepository.GetStudents()
where s.StudentId == loggedInStudentId
select s
更新:
您可以檢查用戶是否不是管理員,然后僅顯示自己的記錄,例如:
var students = from s in studentRepository.GetStudents()
select s;
if(!User.IsInRole("Admin"))
{
var loggedInStudentId = User.Identity.GetUserId();
students = students.Where(x=>x.StudentId = loggedInStudentId);
}
解決方案2
0 2017-02-24 15:36:55
嘗試這樣的事情:
var students = from s in studentRepository.GetStudents()
where s.Id = User.Identity.GetUserId()
select s;
您將必須使用學生使用的任何與GetUserId()匹配的標識列,例如,我在此處輸入s.Id
如何只允許特定用戶的計算機訪問asp.net Web應用程序?
[英]How to allow only specific user's computer to access asp.net web application?
如何在ASP.NET MVC 5中允許匿名訪問者,但不允許登錄用戶使用操作方法?
[英]How to allow anonymous visitor, but not allow logged in user on action method in ASP.NET MVC 5?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
ASP.NET身份-如何維護登錄用戶角色?
如何在ASP.NET Identity中將用戶限制為僅一個訪問令牌
如何訪問 ASP.Net Identity User 中的自定義字段?
如何只允許特定用戶的計算機訪問asp.net Web應用程序?
如何在ASP.NET MVC 5中允許匿名訪問者,但不允許登錄用戶使用操作方法?
ASP.Net成員資格僅允許人們在登錄后訪問操作
ASP.NET身份編輯是否記錄在用戶的數據中?
ASP.NET身份記錄用戶注冊和上次登錄時間
ASP.NET Identity 2 記住我 - 用戶正在注銷
Asp.net Identity:登錄時更改用戶角色
相關標簽