MVC RoleProvider and the Authorize attribute

Posted on 2024-10-11 20:48:32

I have implemented my own role provider, and I'm not using the default one. It works to the point that it can tell when someone should or should not be able to view a page.

However, can it do the following:

  1. If a user is not logged in, redirect to my login page
  2. If a user IS logged in but does not have the correct role, redirect to a different page

I haven't figured out how to do this with the Authorize attribute, all I have is:

[Authorize(Roles="Admin")]

Basically I need to redirect to a different page based on what part of the authorization fails.

I've looked to see if it were something in web.config but nothing obvious jumps out.

Comments (2)

忘东忘西忘不掉你 2024-10-18 20:48:32

VoodooChild answered #1.

For #2 -

What you can do is check if the user is logged on the login page and display a different message or an entirely different page (or even do a redirect to a different action).

Alternatively, you can create your own authorization attribute. This will require that you use this attribute everywhere instead of the default AuthorizeAttribute:

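using System.Web.Mvc;
using System.Web.Routing;

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    // Called by AuthorizeAttribute when the authorization check fails.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            // Logged in but missing the required role: redirect to another action.
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "action", "ActionName" },
                    { "controller", "ControllerName" }
                });
        }
        else
        {
            // Not logged in: keep the default behaviour (redirect to the login page).
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}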

Update:

Just thought of another method. When a redirect is done to login page from a different page, a querystring ReturnUrl is also passed. So you can also check if it contains something AND the user is authenticated, chances are the user didn't have permission to view that page.
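
The ReturnUrl check described in the update above, sketched as a login controller. This is an added example, not part of the original answer; it assumes ASP.NET MVC 3 or later with forms authentication, and the names AccountController, LogOn, AccessDenied and the Home/Index fallback are hypothetical, as is the use of the membership provider for the credential check.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller: the action names and the Home/Index fallback are
// assumptions for this example, not taken from the original thread.
public class AccountController : Controller
{
    // Forms authentication redirects here with ?ReturnUrl=... on every 401.
    [HttpGet]
    public ActionResult LogOn(string returnUrl)
    {
        // Already signed in and bounced here from another page: the role
        // check failed, not authentication, so do not show the login form.
        if (Request.IsAuthenticated && !string.IsNullOrEmpty(returnUrl))
            return RedirectToAction("AccessDenied");

        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOn(string userName, string password, string returnUrl)
    {
        // Assumption: credentials are checked by the configured membership provider.
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "The user name or password is incorrect.");
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }
        FormsAuthentication.SetAuthCookie(userName, false);

        // ReturnUrl arrives in the query string, so it is untrusted input:
        // follow it only when it points back into this application.
        if (Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    public ActionResult AccessDenied()
    {
        Response.StatusCode = 403; // signed in, but not authorized for the page
        return View();
    }
}
```

Url.IsLocalUrl returns false for null, empty and absolute external URLs, so a crafted ReturnUrl cannot turn the post-login redirect into an open redirect.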

一笔一画续写前缘 2024-10-18 20:48:32

Off the top of my head, if you are using FormsAuthentication then, to answer your first question: yes. If the user is not authenticated or logged in, then they can be redirected to the log on page:

Make sure you have this in the web.config file (not sure if you need anything besides this, will look into it..)

<authentication mode="Forms">
  <forms loginUrl="~/AccountController/LogOn" timeout="2880" />
</authentication>

To answer your second question: "If a user IS logged in but does not have the correct role, redirect to a different page"

The way we did this was, we used the System.Web.Security.Roles.GetRolesForUser(username); method to get the Roles and based on this we redirected the user to the correct view, after login.

Hope this helps!
