ASP.NET MVC:除了用属性装饰其控制器/操作之外,还有其他方法可以将角色应用于应用程序吗?
将 WSAT 与ASP.NET Webform 应用程序结合使用时,可以创建新角色、向其中添加/删除用户,以及(最重要的是)定义适用于该角色的规则;即,您有一个文件夹树,它允许您选择要在哪个文件夹中应用有关特定角色的特定规则。因此,您无需离开舒适的 WSAT 即可完成所有工作。
对于 ASP.NET MVC,我没有找到这样的功能。即使可以从 WSAT 添加新角色并向其添加/删除用户,我仍然需要转到我的应用程序代码并使用属性装饰控制器和/或操作,如下所示:
[Authorize(Roles = "role1, role2, ...")]
那么,仅仅为了接触应用程序代码而使用工具创建角色有什么意义呢?另外,假设管理员不知道如何编写代码并且需要创建与现有角色略有不同的角色?
除了用属性装饰其控制器/操作之外,还有其他方法可以将角色应用于应用程序吗?我想这与框架的工作方式有关。不管怎样,我想知道是否有一种方法可以处理开发人员需要一直使用代码的事实。
感谢您的帮助
When using WSAT with a ASP.NET webform application, it's possible to create a new role, add/remove users to/from it, and (most importantly) define rules that apply for that role; i.e. you have a folder tree that allows you to choose which folder you want to apply a particular rule regarding a certain role. So, you can do all your work without leaving the comfort of your WSAT.
With ASP.NET MVC I didn't find such functionality. Even if it's possible to add a new role from WSAT and add/remove users to/from it, I still need to go to my application code and decorate controllers and/or actions with attributes, like this:
[Authorize(Roles = "role1, role2, ...")]
So what the point of creating role with a tool just to go after touch the application code? Also, Let's say The administrator doesn't know how to write code and need to create role that's slightly different from the existing ones?
Is there any other way apply to role to an application but decorating its controllers/actions with attributes? I guess that's to do with the way the framework works. Anyway, I'd like to know if there's a way to deal with the fact developers need to go play with the code all the time.
Thanks for helping
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
由于 MVC 是可扩展的,您可以实现自己的自定义 AuthorizeAttribute 并在数据库或 xml 文件中搜索所需的角色。
Since MVC is extensible you can implement your own custom AuthorizeAttribute and search for the required roles in a database or an xml file.
基本上,您需要将角色允许执行(或不允许执行)的功能存储在数据库/xml 中,就像您在简单的 Web 表单应用程序中所做的那样。
然后,您创建自定义授权过滤器,它将检查数据库以查看当前操作是否允许。所以真正意义上系统中不会有很多真正的角色。
要了解如何覆盖授权过滤器,请阅读此> http://schotime.net/博客/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/
Basically you would need to store the functionality a role is allowed to do (or not allowed to do) in a database/xml just like you would've done in a simple webforms app.
Then you create your custom Authorize filter which will check the database to see if the current action is allowed or not. So in a true sense there won't be many true Roles in the system.
To understand how to override Authorize filter , read this > http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/