每页检测用户是否为管理员(或任何类型),asp.net mvc 默认成员资格提供程序
我正在构建一个 Web 应用程序,我希望当用户以管理员身份登录时,前端的某些功能可见。
我正在使用默认的会员资格提供程序,但我有一个名为 userFields 的扩展表,用于存储用户设置。
我刚刚向该表添加了一个 UserType 字段,现在正在考虑如何最好地在页面上选取该字段。
我真的不想向每个控制器方法添加额外的代码来从数据库中获取此信息并传递它。
有没有更好的方法来做到这一点,或者使用 asp.net 成员资格中的内置角色设置,或者有一种很酷的方法可以从我的数据库中公开此信息,就像 user.identity.name 的工作方式或(User .Identity.Name).ProviderUserKey;
I'm building a web application, and I would like to make certain functions on the front end visible when a user is logged in as an administrator.
I am using the default membership provider, but I have an extension table called userFields which i use for storing user settings.
I have just added a UserType field to this table, and am now considering how will be best to pick this up on the pages.
I don't really want to have to add extra code to each controller method to get this information out of the db, and pass it through.
Is there a better way to do this, either using the built in roles settings in asp.net membership, OR is there a cool way I can expose this information from my db, in the same way user.identity.name works or (User.Identity.Name).ProviderUserKey;
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
只要您使用将用户对象放置在上下文中的标准身份验证方法,就不应该太难。在您看来,使用 Html.RenderPartial 和适当的控制器来完成您想要的事情,如下所示...
/Home/Index View:
/Home/Admin View:
/Shared/Empty View:
/Home Controller:
That should work...我就是这么做的。如果它是错误的,希望更聪明的人发布更好的答案,这样我们都可以学习
编辑:
只是想到了其他东西......如果你的用户对象实现了IPrincipal,你可以从上下文中提取它,转换它到您的用户类型并在用户类中拥有正确的信息...
有点像这样
然后管理视图逻辑可能如下所示:
As long as you are using the standard authentication method that places the user object in the context it shouldn't be too hard. In your view, use Html.RenderPartial and the appropriate controller to accomplish what you want like this...
/Home/Index View:
/Home/Admin View:
/Shared/Empty View:
/Home Controller:
That should work... It's how I do it. If it's wrong, hopefully someone smarter posts a better answer so we can both learn
EDIT:
Just thought of something else... If your user object implements IPrincipal, you could extract it from the context, cast it to your user type and have the information right in the user class...
Kind of like this
Then the admin view logic could look like this:
使用 asp.net 角色 - 然后您可以在控制器上使用授权属性来确保用户具有相关的角色集。
请参阅此问题。
这解决了仅允许某些用户访问某些操作/控制器的问题。
它并不能解决仅使某些功能“可见”的问题。为此,您需要创建不同的视图(或部分视图),并且您的控制器根据角色选择要呈现的视图,或者将特定于角色的逻辑直接写入视图中。
当然,如果您将用户的标志存储在单独的表中,您可以根据自己的数据完成所有这些操作。编写您自己的授权属性(即授权过滤器),并使用您自己的数据来驱动视图 - 只需将其作为视图数据的一部分传递给视图 - 就像模型的任何其他部分一样。
您说您不想编写代码来通过控制器将数据传递到视图 - 但这就是控制器的用途 - 这就是它们存在的原因。您可以编写一个静态方法 - 或某种类型的服务,绕过控制器直接从视图访问数据库,但您也可以回到 Webforms。
Use the asp.net roles - then you can use authorization attributes on your controllers to ensure that the user has the relevant roles set.
See this question.
This solves the problem of only allowing certain actions/controllers to be accessible to certain users.
It doesn't solve the problem of only making certain features 'visible'. To do that you will need to either create different views (or partial views) and your controller(s) chooses which view to render based on roles - or you write role specific logic directly into your view.
Of course if you store flags for users in a separate table you can do all this based on your own data. Write your own authorization attribute (i.e. an authorization filter), and use your own data to drive views - just pass it to the view as part of the view data - just like any other part of the model.
You say you don't want to write code to pass the data through your controller to the view - but this is kind of what controllers are for - it's the reason they exist. You could write a static method - or a service of some type that access the DB directly from the view, bypassing the controller, but then you might as well just go back to webforms.