How do we implement permissions in ASP.NET identity?


Problem description

We understand how to implement authentication and authorization in ASP.NET identity with the WebApi. For instance, we can log a user in and then retrieve both his secure token and role.

We now want to add permissions. For instance, user steve may be in the admin role. Now we want to assign read, edit, and delete permissions to the admin role. How do we do that in ASP.NET Identity? Is there existing permissions infrastructure in ASP.NET Identity?

Recommended answer

I extended ASP.NET Identity to allow for permissions as you describe it. I did it to decouple the security model from your application model. The problem with the traditional approach of putting roles in an AuthorizeAttribute is you have to design your security model at the same time as you design your application, and if you make any changes you have to recompile and redeploy your application. With the approach I came up with, you define resources and operations in a custom AuthorizeAttribute, where operations are analogous to permissions. Now you decorate methods like this:

[SimpleAuthorize(Resource = "UserProfile", Operation = "modify")]
public ActionResult ModifyUserProfile()
{
    ViewBag.Message = "Modify Your Profile";
    return View();
}

Then you can assign a resource/operation to a role in the database, configuring your security model during deployment and can modify it without redeployment. I wrote about this approach using SimpleMembership here. And later ported it to ASP.NET Identity here. The articles have links to the full source code with reference applications.
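
A sketch of how an attribute like the one described in the answer could be built on ASP.NET MVC 5's `AuthorizeAttribute`, added here as an illustration and not the answer author's code. `PermissionStore` and its in-memory grants are hypothetical, constructed stand-ins for the database table that maps roles to resource/operation pairs; the check denies by default when the user is unauthenticated or the attribute is missing a resource or operation.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical store (assumption): in a deployment these rows would be read
// from a database so grants can change without recompiling the application.
public static class PermissionStore
{
    // Constructed sample data: role -> set of "resource:operation" grants.
    private static readonly Dictionary<string, HashSet<string>> Grants =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "admin", new HashSet<string>(StringComparer.OrdinalIgnoreCase)
                { "UserProfile:read", "UserProfile:modify", "UserProfile:delete" } },
            { "member", new HashSet<string>(StringComparer.OrdinalIgnoreCase)
                { "UserProfile:read" } }
        };

    // Returns every role that has been granted the operation on the resource.
    public static IEnumerable<string> RolesAllowed(string resource, string operation)
    {
        var key = resource + ":" + operation;
        return Grants.Where(g => g.Value.Contains(key)).Select(g => g.Key);
    }
}

public class SimpleAuthorizeAttribute : AuthorizeAttribute
{
    public string Resource { get; set; }
    public string Operation { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // Deny by default: a misconfigured attribute must not open the action.
        if (string.IsNullOrWhiteSpace(Resource) || string.IsNullOrWhiteSpace(Operation))
            return false;

        // Allow only if one of the caller's roles holds this resource/operation grant.
        return PermissionStore.RolesAllowed(Resource, Operation)
                              .Any(role => user.IsInRole(role));
    }
}
```

With the sample grants, a user in the `member` role is refused on an action decorated with `Resource = "UserProfile", Operation = "modify"`, while a user in `admin` is allowed.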
