根据用户类型登录 [英] Login based on user type

问题描述

我使用asp.net MVC 3，这也使得登录的Web应用程序。

I am making a web application using asp.net mvc 3, which has login also.

有3种不同类型谁将会使用该网站的用户：管理员，操作员和放大器;经销商。

There are 3 different types of users who will be using the site: Administrator, Operator & Distributor.

我怎样才能创建一个访问管理员和放大器限制经销商登录;网站的经营者的一部分。同样的操作应该不能够访问管理员和放大器;经销商组成部分。也管理员不应该能够访问其它类型的用户的一部分的。即网站应该对用户管理员类型重定向到登录后他的网站的自己的本分。

How can I create a login that restricts a Distributor from accessing Administrator's & Operator's part of the website. Similarly an Operator should not be able to access Administrator & Distributor part. Also Administrator should not be able to access other type of user's part. i.e. the site should redirect an Administrator type of user to his own part of website after login.

最后没有一个人应该能够在没有登录访问自己的网站的一部分。

And finally no one should able to access their own part of website without login.

请任何人都可以帮助我。

Please could anyone help me.

推荐答案

。看看<一个href=\"http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx\"相对=nofollow> ASP.NET 的会员制模式。该模型被用来验证和授权用户的Web应用程序的不同部分。

Look into the membership model of ASP.NET. This model is used to authenticate and authorize users for different parts of your web application.

随着会员制模式，在应用程序中定义了三个角色：管理员，操作员和分销商。当然，也应用程序中创建用户和它们划分在这些角色。

With the membership model, define three roles within your application: Administrator, Operator and Distributor. Of course, also create users within your application and divide them over these roles.

末页向上是实际的认证和授权。使用授权属性来定义哪些角色用户必须具有访问您的网站的某一部分。

Last up is the actual authentication and authorization. Use the Authorize attribute to define which role a user must have to access a certain part of your website.

[Authorize(Roles = "Operator")]
public ActionResult OperatorOnlyStuff()
{
    return View();
}

和确保用户应登录到甚至访问您网站上任何东西，定义了一个<一个href=\"http://stephenwalther.com/archive/2008/08/07/asp-net-mvc-tip-30-create-custom-route-constraints.aspx\"相对=nofollow>自定义的验证路由约束。

And to make sure users should be logged in to even access anything on your site, define a custom authenticated route constraint.

public class AuthenticatedRouteConstraint : IRouteConstraint
{
    public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values, RouteDirection routeDirection)
    {
        return httpContext.Request.IsAuthenticated;
    }
}

而在你的默认路由使用自定义的验证路径约束：

And use this custom authenticated route constraint in your default route:

routes.MapRoute(
    "Default",
    "{controller}/{action}/{id}",
    new { controller = "Home", action = "Index", id = UrlParameter.Optional },
    new { isAuthenticated = new AuthenticatedConstraint()}
);

这篇关于根据用户类型登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！