How Can I Authorize a User as Admin and Sub in MVC 4?


Problem description

This is my login code... please, please help me.

//login.aspx//login view//

<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<demomvc.Models.login>" %>

<!DOCTYPE html>
<script runat="server">


</script>
<html>
<head runat="server">
<meta name="viewport" content="width=device-width" />
<title>login</title>
</head>
<body>
<div>
<% using (Html.BeginForm()) { %>
<%: Html.ValidationSummary(true, "password or user name was not found.") %>
<div>
<fieldset>
<legend>Account Information</legend>

<div class="editor-label">
<%: Html.LabelFor(m => m.name) %>
</div>
<div class="editor-field">
<%: Html.TextBoxFor(m => m.name) %>
<%: Html.ValidationMessageFor(m => m.name) %>
</div>

<div class="editor-label">
<%: Html.LabelFor(m => m.password) %>
</div>
<div class="editor-field">
<%: Html.PasswordFor(m => m.password) %>
<%: Html.ValidationMessageFor(m => m.password) %>
</div>

<div class="editor-label">
<%: Html.LabelFor(m => m.type) %>
</div>
<div>
<%: Html.TextBoxFor(m =>m.type) %>
<%: Html.ValidationMessageFor(m => m.type) %>
</div>

<input type="submit" value="Log In" />
</fieldset>
</div>
<% } %>
<%= Html.ActionLink("NOT SUB USER PLESE CLICK", "adminloginpanal")%>

<div><%= Html.ActionLink("New users register here", "registration")%></div>
</div>
</body>
</html>


//login.cs// login model

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.ComponentModel.DataAnnotations;
using System.Web.Security;

namespace demomvc.Models
{


public class login
{



[Required]
[Display(Name = "User name")]
public string name { get; set; }

[Required]
[Display(Name = "Password")]
public string password { get; set; }

[Required]
[Display(Name = "Type")]
public string type { get; set; }




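public bool IsValid(string _username, string _pwd,string _typ)
{
// Parameterized query: the submitted values are bound as data and never concatenated into the SQL text.
string _sql = "Select name From dbo.[login] Where name=@name And password=@password And type=@type";
using (SqlConnection con = new SqlConnection(@"Data Source=HARI\SQLEXPRESS;Initial Catalog=demo;Integrated Security=True"))
using (SqlCommand cmd = new SqlCommand(_sql, con))
{
cmd.Parameters.AddWithValue("@name", _username);
cmd.Parameters.AddWithValue("@password", _pwd);
cmd.Parameters.AddWithValue("@type", _typ);
con.Open();
// A matching row means the name, password and type all agree with the table.
using (SqlDataReader dr = cmd.ExecuteReader())
{
return dr.Read();
}
}
}

}
}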

This is the home controller:
[HttpGet]
        public ActionResult Login()
        {
            return View();
        }
        [HttpPost]
        public ActionResult Login(demomvc.Models.login lgn, string username, string password,string type)
        {

            FormsAuthentication.Authenticate(username, password);
            if (ModelState.IsValid)
            {
                    
                    if (lgn.IsValid(lgn.name, lgn.password, lgn.type))
                    {
                        
                       //TempData["type"] = lgn.type.ToString();

                  
                        //ViewBag.type = lgn.type.ToString();


                        return RedirectToAction("details", "Home");

                    }
                    else
                    {
                        ModelState.AddModelError("","The user name or password provided is incorrect.");
                    }
            }


            return View(lgn);
        }
        public ActionResult Logout()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }



        [HttpGet]
        public ActionResult delete(int id,demomvc.Models.DeleteModel deletemodel,string type)
        {
            if (deletemodel.type == "admin")
            {

                int d_record = deletemodel.delete(id, type);
                if (d_record > 0)
                {
                    return RedirectToAction("details", "home");

                }
                else
                {
                    ModelState.AddModelError("", "can not delete");
                }
            }
            else
            {
                Response.Write("you can not delete this record");
                Response.Redirect("http://localhost:1194/Home/details");
            }

            return View("Index");
        }
 
}}

Recommended answer

Implementing this logic is pretty easy. All we need to do is to add an [Authorize] filter attribute to our Create action methods like so:
//
// GET: /Dinners/Create
 
[Authorize]
public ActionResult Create() {
...
}
 
//
// POST: /Dinners/Create
 
[AcceptVerbs(HttpVerbs.Post), Authorize]
public ActionResult Create(Dinner dinnerToCreate) {
...
} 





The [Authorize] filter optionally supports the ability to specify a "Users" or "Roles" property that can be used to require that the user is both logged in and within a list of allowed users or a member of an allowed security role. For example, the code below only allows two specific users, "scottgu" and "billg", to access the /Dinners/Create URL:

[Authorize(Users="scottgu,billg")]
public ActionResult Create() {
...
} 





We could then update the code to only allow users within a specific "admin" role

[Authorize(Roles="admin")]
public ActionResult Create() {
...
}



Get more details from the following links:

Custom Authentication and Authorization in ASP.NET-MVC.html

Role-based authentication
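Added example, not part of the original answer or the poster's code: `[Authorize(Roles="admin")]` only works once login issues a forms-authentication ticket and each request turns that ticket into roles, which the question's controller never does. The sketch assumes no ASP.NET role provider is configured, that the `type` column holds the role name, that the hypothetical `LookupRole` helper replaces the form-supplied type, and that `DeleteModel.delete(int, string)` is the poster's own class as called on the page.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
public class HomeController : Controller {
    // Hypothetical helper: the role comes from the stored row, never from a form field.
    static string LookupRole(string name, string password) {
        const string sql = "Select type From dbo.[login] Where name=@name And password=@password";
        using (var con = new SqlConnection(@"Data Source=HARI\SQLEXPRESS;Initial Catalog=demo;Integrated Security=True"))
        using (var cmd = new SqlCommand(sql, con)) {
            cmd.Parameters.AddWithValue("@name", name);
            cmd.Parameters.AddWithValue("@password", password);
            con.Open();
            return cmd.ExecuteScalar() as string; // null when no row matches
        }
    }

    [HttpPost]
    public ActionResult Login(string name, string password) {
        string role = (name == null || password == null) ? null : LookupRole(name, password);
        if (role == null) {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View();
        }
        // Encrypted, signed ticket; UserData carries the server-assigned role.
        var ticket = new FormsAuthenticationTicket(1, name, DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout), false, role);
        Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket)) { HttpOnly = true, Secure = FormsAuthentication.RequireSSL });
        return RedirectToAction("details", "Home");
    }

    // State change is POST-only with an anti-forgery token, and admin-only by role.
    [HttpPost, ValidateAntiForgeryToken, Authorize(Roles = "admin")]
    public ActionResult delete(int id) {
        new demomvc.Models.DeleteModel().delete(id, "admin"); // poster's model, not shown on the page
        return RedirectToAction("details", "Home");
    }
}

public class MvcApplication : HttpApplication { // merge into the project's Global.asax.cs
    // Per request: expose the ticket's UserData as roles so [Authorize(Roles=...)] can check them.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e) {
        var id = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (id != null) Context.User = new GenericPrincipal(id, id.Ticket.UserData.Split(','));
    }
}
```

The form that posts to `delete` has to emit `<%: Html.AntiForgeryToken() %>`, and the login form no longer needs the `type` field because the role is read from the table.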

