管理基于角色的ASP.NET MVC Web应用程序的更好方法 [英] Better way to manage a Role-Based ASP.NET MVC Web Application

问题描述

朋友；

我对ASP.NET MVC比较陌生.我非常喜欢它，并开始使用它来构建一些小型应用程序.

现在，在以下示例中，我希望用户创建角色和特权以及附加到一个或多个角色的用户

管理员
CanCreateUserAccount
CanEditUserAccount
等

人力资源
CanApproveLeave
CanEffectLoan
ETC

员工
CanApplyForLeave
CanRaiseIOU
ETC



我怎样才能最好地在我的MVC应用程序中实现它?

注意:用户可以自行创建角色，但可以从项目列表中选择特权(从我的代码中枚举生成的列表).

感谢您的理解和大力支持.

Hi friends;

I am relatively new to ASP.NET MVC. I so much like it and started using to build some small app.

Now, I want the user to create Role and priviledges as well as User attached to one or more roles in the following example

Administrator
CanCreateUserAccount
CanEditUserAccount
Etc

HR
CanApproveLeave
CanEffectLoan
ETC

Employee
CanApplyForLeave
CanRaiseIOU
ETC



How best can I implement this in my MVC app?

Note: the user creates the roles by them self but choose the priviledges from list of items (EnumGenerated List from my code).

Thanks for your understanding and greate support.

推荐答案

这可能会给您一些想法，http://weblogs.asp.net/fredriknormen/archive/2007/11/25/asp-net-mvc-framework-security. aspx [ ^ ]

但是，允许用户自己创建角色并选择特权用户不是一个好的设计.当然，每个人都将选择最高级别的访问权限，这一开始就破坏了获得任何安全性的目的.

This might give you some ideas, http://weblogs.asp.net/fredriknormen/archive/2007/11/25/asp-net-mvc-framework-security.aspx[^]

However, it is not a good design to allow users themselves to create the roles and choose the privileged. Of course everyone will choose the highest level of access which defeats the purpose of having any security in the first place.

这篇关于管理基于角色的ASP.NET MVC Web应用程序的更好方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！