动态路径的 ASP.NET MVC 授权

发布于 2024-10-06 08:00:40 字数 648 浏览 3 评论 0原文

我正在使用 ASP.NET MVC 的表单身份验证。在应用程序级别的 web.config 中，我可以设置需要身份验证的路径，如下所示；

<location path="subdir1">
<system.web>
    <authorization>
        <allow users ="?" />
    </authorization>
</system.web>
</location>

subdir1 是 Views 文件夹中的文件夹名称。这适用于 siteurl.com/subdir1 的网页路由。

但是，如果我的 subdir1 在另一个动态创建的路由下，则此设置不起作用。例如; siteurl.com/dynamic/subdir1 不请求身份验证。 dynamic 是在运行时创建的，web.config 在应用程序启动时不知道它，但它不应该关心它，我只是希望它在访问 subdir1 时请求身份验证路线。

有什么方法可以为这种情况设置位置的路径属性吗？或者你还有其他方法来解决这个问题吗？

任何帮助将不胜感激。卡斯萨卡尔

原文

I am using forms authentication with ASP.NET MVC. Within web.config at application level I can set the paths that I require authentication to as follows;

<location path="subdir1">
<system.web>
    <authorization>
        <allow users ="?" />
    </authorization>
</system.web>
</location>

subdir1 is folder name within the Views folder. This works for the web page routing as siteurl.com/subdir1.

However, if my subdir1 is under another dynamically created route, this setting does not work. For instance; siteurl.com/dynamic/subdir1 does not request authentication. dynamic is created at runtime and web.config does not know about it at application start but it should not care about it, I just want it to ask for authentication whenever there is an access to subdir1 route.

Is there any way that I can set the location's path attribute for this case? or do you have any other way to solve this issue?

Any help would be appreciated.
cas sakal

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

阳光下慵懒的猫 2024-10-13 08:00:40

您可以通过在适当的操作或控制器上使用 Authorize 属性来控制授权。

[Authorize]
public ActionResult MyAction()
{
   //stuff
}

更多信息请访问 ASP.NET MVC 授权

You can control authorization by using the Authorize attribute on the appropriate actions or controllers.

[Authorize]
public ActionResult MyAction()
{
   //stuff
}

Some more information can be found at ASP.NET MVC Authorization

回复收藏 0 原文

请叫√我孤独 2024-10-13 08:00:40

您应该在控制器上使用 AuthorizeAttribute /actions 而不是在 web.config 文件中设置映射到控制器的路由的访问权限。如果并非所有操作都需要登录用户，则只需将该属性应用于需要授权的操作（方法）。

[Authorize]
public class ProtectedController : Controller
{
    // all actions in this controller require the user to be logged in
}

public class MixedController : Controller
{
    [Authorize]
    public ActionResult ProtectedAction()
    {
        // this action requires the user to be logged in
    }

    public ActionResult PublicAction()
    {
       // this action is available to anonymous users
    }
}

You should be using the AuthorizeAttribute on your controllers/actions rather than setting up access in the web.config file for routes that map onto your controllers. You only need to apply the attribute to those actions (methods) that require authorization if not all of your actions require a logged in user.

[Authorize]
public class ProtectedController : Controller
{
    // all actions in this controller require the user to be logged in
}

public class MixedController : Controller
{
    [Authorize]
    public ActionResult ProtectedAction()
    {
        // this action requires the user to be logged in
    }

    public ActionResult PublicAction()
    {
       // this action is available to anonymous users
    }
}

回复收藏 0 原文

~没有更多了~