如何在特定的 mvc3 控制器/操作上授权用户角色?
如何在控制器中设置对特定操作的授权?
示例(授权登录的有效用户名):
[Authorize]
public ActionResult ChangePassword()
{
return View();
}
所以,我希望根据用户角色验证访问权限...类似这样:
[Authorize]
[AuthorizeRole="Admin"] // This is psuedo but something like this
[AuthorizeRole="SuperUser"] // This is psuedo but something like this
public ActionResult ChangePassword()
{
return View();
}
上面的情况可能吗?如果不是,基于特定控制器/操作安全性的角色来保护访问的最佳方法是什么?
谢谢!
How can I set authorization to a particular action within a controller?
Example (authorizes valid username logged in):
[Authorize]
public ActionResult ChangePassword()
{
return View();
}
So, I'm looking to validate access based on the users roles...something like this:
[Authorize]
[AuthorizeRole="Admin"] // This is psuedo but something like this
[AuthorizeRole="SuperUser"] // This is psuedo but something like this
public ActionResult ChangePassword()
{
return View();
}
Is something like the above possible? If not what is the best way to secure access based on roles for particular controller/action security?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这就是你所需要的。
请参阅:http://msdn.microsoft.com/en-us/library/dd460317.aspx
This is what you need.
See: http://msdn.microsoft.com/en-us/library/dd460317.aspx
用户:允许访问操作方法的以逗号分隔的用户名列表。
角色:以逗号分隔的角色名称列表。要访问操作方法,用户必须至少具有这些角色之一。
http://msdn.microsoft.com/en-us /library/system.web.mvc.authorizeattribute.aspx
Users : Comma-separated list of usernames that are allowed to access the action method.
Roles : Comma-separated list of role names. To Access the action method, users must be in at least one of these roles.
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx