路由业务分支:ASP.NET MVC 中的精细访问控制

发布于 2024-08-30 07:15:38 字数 819 浏览 11 评论 0原文

应如何构建 ASP.NET MVC 路由以允许对业务分支机构进行基于角色的精细访问控制?

每个业务实体本身或通过其父实体都与分支机构相关。是否有一种优雅的方法来根据用户角色为任意数量的分支授权操作?

1. 路线中有{分支}吗?

{branch}/{controller}/{action}/{id}

操作:

[Authorize(Roles="Technician")]
public ActionResult BusinessWidgetAction(BusinessObject obj)
{
    // Authorize will test if User has Technician role in branch context
    // ...
}

2. 从业务实体中检索分支?

{controller}/{action}/{id}

行动:

public ActionResult BusinessWidgetAction(BusinessObject obj)
{
    if (!User.HasAccessTo("WidgetAction", obj.Branch))
        throw new HttpException(403, "No soup for you!"); // or redirect

    // ...
}

3.或者有更好的方法吗?

How should ASP.NET MVC routes be structured to allow granular role-based access control to business branches?

Every business entity is related to a branch, either by itself or via its parent entities. Is there an elegant way to authorize actions based on user-roles for any number of branches?

1. {branch} in route?

{branch}/{controller}/{action}/{id}

Action:

[Authorize(Roles="Technician")]
public ActionResult BusinessWidgetAction(BusinessObject obj)
{
    // Authorize will test if User has Technician role in branch context
    // ...
}

2. Retrieve branch from business entity?

{controller}/{action}/{id}

Action:

public ActionResult BusinessWidgetAction(BusinessObject obj)
{
    if (!User.HasAccessTo("WidgetAction", obj.Branch))
        throw new HttpException(403, "No soup for you!"); // or redirect

    // ...
}

3. Or is there a better way?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

谁与争疯 2024-09-06 07:15:38

我最终在每个业务分支的单独应用程序和数据库上使用相同的代码库。这意味着我必须单独更新每个,但允许分叉功能。

我推出了自己的 [BranchAuthorize(Roles = "Editor, Stock Keeper")] 属性,该属性根据控制器操作所需的角色检查经过身份验证的用户的角色,并在未分配任何角色的情况下显示一条详细说明所需角色的消息。

统一的分支机构访问控制需要单独的授权服务,但允许集中权限管理。

I ended up using the same codebase on separate applications and databases for each business branch. This means I have to update each individually, but allows forking of features.

I rolled my own [BranchAuthorize(Roles = "Editor, Stock Keeper")] attribute which checks the authenticated user's roles against the controller action's required roles and displays a message detailing the required roles if none are assigned.

Unified branch access control would require a separate authorization service, but would allow for central rights administration.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文