为 MVC3 设置自定义授权角色
目前我的控制器看起来像这样:
public class ProductBrandsController : Controller
我在网上读到我可以将 [Authorize] 装饰器应用于每个 Action,也可以应用于整个 Controller 本身。
有没有什么方法可以声明一个自定义装饰器,这样我就可以这样称呼它:
[Authorize(Roles = "God")]
public class ProductBrandsController : Controller
或者也许这太麻烦了。我不介意创建一个新的装饰器并像这样调用它:
[Administrator]
public class ProductBrandsController : Controller
//Or
[ContentManager]
public class ProductBrandsController : Controller
然后我将创建一个自定义类来验证登录的用户是否属于该角色。
关于如何解决这个问题有什么建议吗?
Currently my controller looks like this:
public class ProductBrandsController : Controller
I've read online that I can apply the [Authorize] decorator to each Action, but also to the entire Controller itself.
Is there some way to declare a custom decorator so I would call it like so:
[Authorize(Roles = "God")]
public class ProductBrandsController : Controller
Or maybe that's too cumborsome. I wouldn't mind creating a new decorator and calling it like so:
[Administrator]
public class ProductBrandsController : Controller
//Or
[ContentManager]
public class ProductBrandsController : Controller
Then I would create a custom class to verify if the user that's logged in is in the role.
Any suggestions on how to approach this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当然,您只需要从
ActionFilterAttribute派生即可。您可以重写
OnActionExecuting方法来插入逻辑来检查用户的身份验证;当它还不够时,您可以使用上下文对象将用户重定向到操作方法之外。Sure, you just need to derive from the
ActionFilterAttribute.You can override the
OnActionExecutingmethod to insert logic to check your user's authentication; when it is not sufficient, you can redirect the user out of the action method with the context object.