基于在asp.net mvc的角色自定义用户授权 [英] Custom user authorization based with roles in asp.net mvc
问题描述
我创建了一个自定义的验证和授权,我面对我的问题users.The是如何获得MVC来检查我的控制器上从我的用户里面的那个角色表匹配[授权(角色),以便设置httpauthorised到true.Below是我customauthorise类。
I have created a custom authentication and authorisation for my users.The problem I am facing is how to get mvc to check that role from inside my users table matches the [Authorize(Role)] on my controller so as to set httpauthorised to true.Below is my customauthorise class.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Controller.TempData["ErrorDetails"] = "You must be logged in to access this page";
filterContext.Result = new RedirectResult("~/User/Login");
return;
}
if (filterContext.HttpContext.Request.IsAuthenticated)
{
using (var db = new GManagerDBEntities())
{
var authorizedRoles = (from u in db.Users
where u.Username == filterContext.HttpContext.User.Identity.Name
select u.Role).FirstOrDefault();
Roles = String.IsNullOrEmpty(Roles) ? authorizedRoles.ToString() : Roles;
}
}
if (filterContext.Result is HttpUnauthorizedResult)
{
filterContext.Controller.TempData["ErrorDetails"] = "You do nat have necessary rights to access this page";
filterContext.Result = new RedirectResult("~/User/Login");
return;
}
}
public CustomAuthorizeAttribute(params object[] roles)
{
if (roles.Any(r => r.GetType().BaseType != typeof(Enum)))
throw new ArgumentException("roles");
this.Roles = string.Join(",", roles.Select(r => Enum.GetName(r.GetType(), r)));
}
}
下面
是我的控制器,具有装饰
below is my controller with decoration
[CustomAuthorize(Role.Administrator)]
[HttpGet]
public ActionResult CreateEmployees()
{
return View();
}
和我的角色枚举
public enum Role
{
Administrator = 1,
UserWithPrivileges = 2,
User = 3,
}
和模型
public class UserModel
{
public int UserID { get; set; }
[Required]
[Display(Name="Username:")]
public string Username { get; set; }
[Required]
public string Password { get; set; }
public int Role { get; set; }
}
看到清晰的视野 pastie
联系我们查看了试图在其他解决这一点,但我似乎无法拼凑在一起 MVC 3授权自定义角色
<一href=\"http://forums.asp.net/p/1573254/3948388.aspx\">http://forums.asp.net/p/1573254/3948388.aspx
links I have viewed in trying to solve this among others but I cant seem to piece it togetherMVC 3 Authorize custom roles http://forums.asp.net/p/1573254/3948388.aspx
<一个href=\"http://stackoverflow.com/questions/20942042/customized-authorization-attribute-in-mvc-4-with-roles\">Customized在MVC 4与角色的授权属性
推荐答案
使用由@VikasRana的http://www.$c$cproject.com/Articles/578374/AplusBeginner-splusTutorialplusonplusCustomplusF
using the link shared by @VikasRana http://www.codeproject.com/Articles/578374/AplusBeginner-splusTutorialplusonplusCustomplusF
我摆脱了我的枚举角色和我的方法
I got rid of my enum Role and my method
public CustomAuthorizeAttribute(params object[] roles)
{ ...}
然后我改变角色在我的模型是一个字符串,例如User.Role =管理,而不是INT。
在我onAuthorization方法,我把它改为:
I then changed Role in my model to be a string e.g. User.Role="Admin" instead of int. In my onAuthorization method I changed it to:
` public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Controller.TempData["ErrorDetails"] = "You must be logged in to access this page";
filterContext.Result = new RedirectResult("~/User/Login");
return;
}
if (filterContext.Result is HttpUnauthorizedResult)
{
filterContext.Controller.TempData["ErrorDetails"] = "You don't have access rights to this page";
filterContext.Result = new RedirectResult("~/User/Login");
return;
}
}
在我的Global.asax加入这一点。
and in my global.asax added this.
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
if (FormsAuthentication.CookiesSupported == true && Request.IsAuthenticated== true)
{
if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
{
try
{
//let us take out the username now
string username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
string roles = string.Empty;
using (GManagerDBEntities db = new GManagerDBEntities())
{
User user = db.Users.SingleOrDefault(u => u.Username == username);
roles = user.Role;
}
//let us extract the roles from our own custom cookie
//Let us set the Pricipal with our user specific details
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
new System.Security.Principal.GenericIdentity(username, "Forms"), roles.Split(';'));
}
catch (Exception)
{
//something went wrong
}
}
}
}
以上方法不理想though.It获取运行因为一次简单的页面请求的3倍以上。
Above method is not ideal though.It gets run for every simple page request about 3 times or more.
因此,这里是解决方案2:更好的解决方案
实施的自定义角色提供商的,因为我们已经使用自定义角色implementation.Simply请点击此链接的 http://techbrij.com/custom-roleprovider-authorization-asp-net-mvc
So here is solution 2:better solution Implement a custom role provider since we are already using custom role implementation.Simply follow this linkhttp://techbrij.com/custom-roleprovider-authorization-asp-net-mvc
这篇关于基于在asp.net mvc的角色自定义用户授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!