授权例外
我已经用权限注释标记了我的控制器,但想免除其中一种方法......可以这样做吗?如何?
[Authorize(Roles="Admin")]
public class ProductController : Controller
{
[DEAUTHORIZE]
public ActionResult Start(int it)
{ ... }
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
MVC 4 中引入了AllowAnonymousAttribute,它告诉操作调用者跳过AuthorizeAttribute。
In MVC 4 was introduced AllowAnonymousAttribute which tells action invoker to skip AuthorizeAttribute.
不,这是不可能的。实现此目的的标准方法是简单地将
Start操作移出到单独的控制器中。另一种可能性是构建自定义 IFilterProvider它将有条件地应用授权属性,而不是手动将其烘焙到ProductController中。例如 NInject 使用它并提供 根据当前上下文有条件地应用它们。No, this can't be done. The standard way to achieve this is to simply move the
Startaction out in a separate controller. Another possibility consists into building a custom IFilterProvider which will apply the authorization attribute conditionally instead of baking it manually into theProductController. For example NInject uses this and provides a pretty fluent syntax into configuring action filters. You can conditionally apply them based on the current context.