我怎样才能实现安全修整Html.RenderAction？ [英] How can I implement a security trimmed Html.RenderAction?

问题描述

我期待创造一个安全修剪（基本上，如果你没有权限不渲染）Html.RenderAction。

I am looking to create a security trimmed (basically if you don't have permission don't render) Html.RenderAction.

的目的是为了显示各种窗口小部件/页部件，如果该人不具有上行动的RenderAction不会被调用的许可（或至少不引起重新直接登录页）。例如，页面显示所有已登录的用户。然而，有将是只用于人力资源，业务发展的部分，如果你是在人力资源和业务发展，你会得到两个部分等。

The aim is to display various widgets/page components and if the person doesn't have permission on the action the RenderAction doesn't get called (or at least doesn't cause a re-direct to login page). For example the page is shown to all logged in users. However there will be parts that are only for HR, Business Development and if you are in HR and Business development you would get both parts etc.

这是所谓的RenderAction每个部分是独立的，因此意味着我可以很容易地包含所有必需的部分网页，但然后他们如果用户是不允许只是不显示。如果我叫上的RenderAction一个动作的人没有权限，然后它会导致他们得到重新定向到登录页面。

Each part called by RenderAction is stand-alone so it means I can easily make pages that contain all the required parts but then they just don't display if the user isn't permitted. If I call RenderAction on for an action someone doesn't have permission to then it causes them to get re-directed to login page.

我见过类似的链接，但作为操作相似的人做了什么做了什么？

I have seen something similar done with links but as anyone done anything similar for Actions?

我希望得到这样的：

@Html.RenderSecurityTrimmedAction("Main","Business-Widget1")
@Html.RenderSecurityTrimmedAction("Main","HR-Widget")
@Html.RenderSecurityTrimmedAction("Main","General-Widget3")

如果控件访问是基于当前的人员角色。我有安全访问可以正常使用。它的主要创建不uncenssarily运行动作，如果用户不具有perission一个的RenderAction

Where Widget access is based on the persons current role. I have security access working perfectly. It's mainly creating a RenderAction that doesn't uncenssarily run the Action if the user doesn't have perission

我想保持$ C $下的干，所以我不希望被携带​​大量的视图模型的属性，然后不得不每包在Html.RenderAction if语句。这些组件将出现在不同的地方，所以我希望他们能够即插即用。

I want to keep the code DRY so I don't want to be carrying lots of ViewModel properties and then having to wrap every Html.RenderAction in an if statement. These components will appear in a variety of places so I want them to be plug and play.

推荐答案

我实现了以下内容：

    public static void SecurityTrimmedRenderAction(this HtmlHelper htmlHelper,
                                                  ActionResult actionResult)
    {
        var routeValueDictionary = actionResult.GetRouteValueDictionary();
        var actionName = (string)routeValueDictionary["Action"];
        var controllerName = (string)routeValueDictionary["Controller"];
        //var areaName = (string)routeValueDictionary["Area"];
        var hasActionPermission = SecurityTrimmingExtensions.HasActionPermission(htmlHelper, actionName,
                                                                                 controllerName);
        if (hasActionPermission)
        {
            htmlHelper.RenderAction(actionResult);
        }
    }

该SecurityTrimmingExtensions遵循code在这里找到：<一href=\"http://stackoverflow.com/questions/2196994/asp-net-mvc-how-to-determine-if-a-user-can-access-a-url\">ASP.Net MVC如何确定用户可以访问网址？

我没有碰授权做这种方式为code不叫，如果当前用户没有权限

I don't have to touch Authorize doing it this way as the code isn't called if the current user doesn't have permissions

这篇关于我怎样才能实现安全修整Html.RenderAction？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！