在登录后保护整个网站，即“授权"所有控制器中的所有动作 [英] Protect entire website behind a login i.e. "Authorize" all Actions within all controllers

问题描述

标题几乎说明了一切.

我有一个仅在登录后才能运行的网站，所以我想确保除非您登录，否则无法访问任何内容.这包括ActionResults，JsonResults等...

I have a website which will only run behind a login so I want to ensure that nothing can be accessed unless you're logged in. This includes ActionResults, JsonResults etc...

目前，我的控制器上都有[Authorize]，这很繁琐，并且不是很干:)

Currently, I have [Authorize] all over my controllers which is quite tedious and not very DRY :)

那我可以用1条神奇的代码保护整个网站吗? (显然需要访问登录页面)

此外，请注意，我仍然需要进一步保护某些操作，以仅由某些用户/角色使用

推荐答案

如果您有多个控制器，则创建一个AuthorizeController，从该继承您必须受保护的控制器.只需将[Authorize]属性设置为AuthorizeController:

If you have multiple controllers, then make a AuthorizeController from which you inherit your controllers that must be protected. Just set the [Authorize] attribute to the AuthorizeController:

[Authorize]
public class AuthorizeController: Controller
{
}

public class HomeController : AuthorizeController
{
    ...
}

// don't inherit AccountController from AuthorizeController
public class AccountController : Controller
{
    public ActionResult Login()
    {
        ...
    }
}

这篇关于在登录后保护整个网站，即“授权"所有控制器中的所有动作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！