ASP.NET MVC Forms authentication and unauthenticated controller actions
Question
I have an ASP.NET MVC site that is locked down using Forms Authentication. The web.config has
<authentication mode="Forms">
    <forms defaultUrl="~/Account/LogOn" loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication>
<authorization>
    <deny users="?"/>
</authorization>
None of my pages other than Account/LogOn can be viewed unless the user is authenticated.
Now I am trying to add PayPal IPN to my site and in order to do that I need to have two pages that handle PayPal's payment confirmation and thank you page. These two pages need to be available for anonymous users.
I would like these pages to be controller actions off my Account controller. Is there any way I can apply an attribute to specific action methods that makes them available to anonymous users? I found several posts here that attempt to do that, but most people wanted the opposite scenario.
Basically I want my AccountController class to have no authorization for most of the methods except for a few. Right now it looks like only the LogOn method is available to anonymous users.
Recommended answer
Yes you can. In your AccountController there's an [Authorize]-attribute either on class-level (to make the whole controller restricted) or on specific methods.
To make specific actions restricted you simply use the Authorize-attribute on the methods that handle these actions, and leave the controller-class unrestricted.
Here are a few examples... hope it helps
To require users to log in, use:
[Authorize]
public class SomeController : Controller
// Or
[Authorize]
public ActionResult SomeAction()
To restrict access for specific roles, use:
[Authorize(Roles = "Admin, User")]
public class SomeController : Controller
// Or
[Authorize(Roles = "Admin, User")]
public ActionResult SomeAction()
And to restrict access for specific users, use:
[Authorize(Users = "Charles, Linus")]
public class SomeController : Controller
// Or
[Authorize(Users = "Charles, Linus")]
public ActionResult SomeAction()
As you can see, you can either use the attribute at class-level or at method-level. Your choice!
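An added example, not part of the original answer: one layout for the asker's case, with [Authorize] on the controller class and [AllowAnonymous] on the login and PayPal actions. It assumes ASP.NET MVC 4 or later (where [AllowAnonymous] exists) and that the site-wide <deny users="?"/> rule has been removed from web.config so the attributes decide access; the action names PayPalIpn, PayPalThankYou and ChangePassword are hypothetical.

```csharp
using System.Web.Mvc;

// Added example, not the asker's code. Assumes ASP.NET MVC 4+ and that the
// global <deny users="?"/> rule is no longer in web.config, so these
// attributes are what gate each action.
[Authorize]                               // default: every action requires a login
public class AccountController : Controller
{
    [AllowAnonymous]                      // the login page must stay reachable
    public ActionResult LogOn()
    {
        return View();
    }

    // Hypothetical name: the endpoint PayPal posts the IPN message to.
    [AllowAnonymous]
    [HttpPost]                            // notifications arrive as POST only
    public ActionResult PayPalIpn()
    {
        // The caller is unauthenticated, so nothing in Request.Form is
        // trusted; confirming the notification with PayPal comes before
        // any change to order state.
        return new HttpStatusCodeResult(200);
    }

    // Hypothetical name: the page the buyer lands on after paying.
    [AllowAnonymous]
    public ActionResult PayPalThankYou()
    {
        // Display only: anyone can request this URL, so an order is never
        // marked as paid from here.
        return View();
    }

    // Hypothetical action with no attribute: inherits [Authorize] from
    // the class, so anonymous requests are redirected to loginUrl.
    public ActionResult ChangePassword()
    {
        return View();
    }
}
```

With this layout, any action added later without an attribute is restricted by default, and only the actions explicitly marked [AllowAnonymous] are exposed.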