如何手动设置用户的ASP.NET MVC中的作用？ [英] How do I manually set a user's role in ASP.NET MVC?

问题描述

这个项目我的工作要求我保持联系用户的本地数据库，并使用一个外部的数据库普通用户。任何人谁在管理数据库通过认证应分配系统管理员的角色，任何通过其他数据库验证总是会分配一个用户的角色。

This project I'm working on requires me to keep a local db of admin users and use an external db for regular users. Anyone who passes authentication in the admin db should be assigned the 'admin' role, and anyone authenticated through the other db will always be assigned a 'user' role.

我可以手动分配这些角色？我不需要的角色提供或任何东西的复杂性，因为我只使用这将永远是基于这两个角色，他们与验证其分贝。

Can I manually assign these roles? I don't need the complexity of a Role Provider or anything, since I'm only using these two roles which will ALWAYS be based on which db they authenticate with.

这将是一个巨大的帮助，如果你能提供样品code或一些文档的链接。谢谢！

It would be a HUGE help if you could provide sample code or a link to some documentation. Thanks!

编辑：

目前我不使用角色提供和创造人似乎像一个麻烦。我知道它不是'最佳实践'，但我只需要在登录时指定为2角色1（这永远不会改变）。它也没有什么意义，以存储在数据库中的角色信息，因为用户已经用他们的作用分为2 DBS。

Currently I am not using the role provider and creating one seems like a hassle. I know its not 'best-practice', but I only need to assign 1 of 2 roles during login (this will never change). It also doesn't make sense to store role information in the database, since users are already separated into 2 dbs by their role.

下面是一些伪code：

Here's some pseudo-code:

if (AdminDB.ValidateUser(username,password)==true) {
     SetAuthCookie(username);
     AssociateUserWithRole(username, 'admin');
} elseif (UserDB.ValidateUser(username,password)==true) {
     SetAuthCookie(username);
     AssociateUserWithRole(username, 'user');
} else {
     // Login failed.
}

其ThisSession.AssociateUserWithRole的一部分，我不知道。基本上，一个用户进行身份验证，我需要的用户属于哪个角色来告诉.NET。

Its the 'ThisSession.AssociateUserWithRole' part I don't know. Basically, one the user is authenticated, I need to tell .NET which role the user belongs to.

推荐答案

实现角色提供是不是特别难 - 特别是如果你只执行角色检查，而不是角色管理。只实现那些你需要并且有其余的扔NotImplementedExceptions部分。如果你只有一个应用程序，你不必太在意的部分无论是。需要注意的是，你需要将通过框架如何使用它来支配的部分，而不是你将如何使用它。我认为，比如你将需要实现返回所有用户的角色该位，即使你只是想检查，如果他们是在一个特定的作用。

Implementing a role provider is not particularly hard -- especially if you are only implementing the role checking, not the role management. Just implement those portions that you need and have the rest throw NotImplementedExceptions. If you only have one application you need not be too concerned about that portion either. Note that the portions that you need will be dictated by how the framework uses it, not how you would use it. I think for example you will need to implement the bit that returns all the user's roles even if you only want to check if they are in a specific role.

这是说，你可以省略整个RoleProvider做整个事情的会话。在这种情况下，你实现自己的<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx\">AuthorizeAttribute和替换它的认证并用自己的检查角色位。在通过身份验证后会话存储用户的角色，并检查它那里使用属性，提供给该方法/类，你已经与它的装饰属性的参数。

That said, you could omit the whole RoleProvider and do the whole thing in the Session. In this case you'd implement your own AuthorizeAttribute and replace it's authentication and role-checking bits with your own. Store the user's role in the session once authenticated and check it there using your attribute and the parameters supplied to the attribute for the method/class you've decorated it with.

这篇关于如何手动设置用户的ASP.NET MVC中的作用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！