WCF RIA Services authorization
Assume we have two groups "Admins" and "Users". Admins are able to use any operation available in the service but the users can only use some of them.
Should I add the "Admins" group to every single operation, or will just writing it on top of the class do the trick?
Thanks.
Comments (2)
Multiple RequiresRole attributes are combined with an AND while multiple roles passed to a single attribute are OR'd. In your case, you'll want to OR the attributes ("User" or "Admin") so you'll have to apply "Admin" to every single method.
// "Admin" && "User", equivalent to using a class attribute for "Admin"
[RequiresRole("Admin"), RequiresRole("User")]
// "Admin" || "User"
[RequiresRole("Admin", "User")]
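The AND/OR rule from the answer above, modelled as an added example that is not part of the original answer and is not WCF RIA Services code. The `RequiresRoleAttribute` here is a stand-in with the same shape, and `IsAllowed`, `LockedDownService`, `OrderService` and the two principals are hypothetical names constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security.Principal;

// Stand-in for the framework attribute (assumption): repeatable, roles passed as params.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
sealed class RequiresRoleAttribute : Attribute
{
    public string[] Roles { get; }
    public RequiresRoleAttribute(params string[] roles) { Roles = roles; }
}

[RequiresRole("Admin")]                  // class level: ANDed with every method-level attribute
class LockedDownService
{
    [RequiresRole("Admin", "User")] public void GetOrders() { }
}

class OrderService                       // no class-level role; each operation lists its roles
{
    [RequiresRole("Admin", "User")] public void GetOrders() { }
    [RequiresRole("Admin")] public void DeleteOrder() { }
}

static class Demo
{
    // Every attribute must pass (AND); one attribute passes if any of its roles matches (OR).
    static bool IsAllowed(IPrincipal user, Type service, string operation)
    {
        MethodInfo method = service.GetMethod(operation);
        return service.GetCustomAttributes<RequiresRoleAttribute>()
            .Concat(method.GetCustomAttributes<RequiresRoleAttribute>())
            .All(attr => attr.Roles.Any(user.IsInRole));
    }

    static void Main()
    {
        // Constructed principals: one holds only "User", the other only "Admin".
        var user = new GenericPrincipal(new GenericIdentity("alice"), new[] { "User" });
        var admin = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Admin" });

        Console.WriteLine($"user  LockedDownService.GetOrders: {IsAllowed(user, typeof(LockedDownService), "GetOrders")}");
        Console.WriteLine($"user  OrderService.GetOrders:      {IsAllowed(user, typeof(OrderService), "GetOrders")}");
        Console.WriteLine($"user  OrderService.DeleteOrder:    {IsAllowed(user, typeof(OrderService), "DeleteOrder")}");
        Console.WriteLine($"admin OrderService.DeleteOrder:    {IsAllowed(admin, typeof(OrderService), "DeleteOrder")}");
    }
}
```

Comparing the first two lines of output shows the effect of the class-level attribute on a principal that holds only the "User" role.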
I had the same problem. Unfortunately you have to set the roles on every method. Alternatively you can use saf-framework to implement access based authorization.
Otherwise, I would suggest you overwrite the BeforeSubmit() method of your domain service, and check access for your objects there to avoid excessive attributes on each method.
For example, you may want to change your access strategy and you don't want to go through every single method and do that.