使用C＃中的属性来检查用户的授权 [英] Using attributes in C# to check authorization of user

查看：69 发布时间：2019/6/16 1:03:32 C# Attributes

本文介绍了使用C＃中的属性来检查用户的授权的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我想检查授权方法，以便当前用户检查他/她是否有权执行此操作。

这是示例我所拥有的属性：

 [AttributeUsageAttribute（AttributeTargets.Method）] 
  public   class  IsAuthorized：Attribute 
 {
  public  IsAuthorized（版权）
 {
  bool  isAuthorized =  false ; 
 
  if （right == Rights.None）
 isAuthorized =  true ; 
  else  
 {
 DataAccessLayer.IDAL dal =  new  DataAccessLayer。 DAL（）; 
  string  userName = Thread.CurrentPrincipal.Identity.Name; 
 Guid userID = dal.GetUserIDFromUserName（userName）; 
 
 isAuthorized = dal.HasRight（userID，right.ToString（））; 
} 
 
  if （！isAuthorized）
  throw   new  SecurityException（ 您没有权利执行此操作）; 
} 
}

这就是我如何判断用户是否有权访问该方法：

 [IsAuthorized（Rights.CreateUserGroup）] 
  public   string  Ping（）
 {
  return   服务在线; 
}

解决方案

这样的事情可能会指向正确的方向;

使用System; 
使用System.Security; 
使用System.Security.Permissions; 
 
 namespace AccessThingie {
 
 [Serializable] 
 [AttributeUsageAttribute（AttributeTargets.Method）] 
 public class IsAuthorized：CodeAccessSecurityAttribute {
 private static readonly PrincipalPermission Allowed = new PrincipalPermission（PermissionState.None）; 
 private static readonly PrincipalPermission NotAllowed = new PrincipalPermission（PermissionState.Unrestricted）; 
 
公共静态类权限
 {
 public const string None =None; 
 public const string CreateUserGroup =CreateUserGroup; 
} 
 
 public string Right {get;组; } 
 
 public IsAuthorized（SecurityAction action）
：base（action）
 {
} 
 
 public override IPermission CreatePermission（）
 {
返回IsAuthorised（右）？允许：不允许; 
} 
 
 private static bool IsAuthorised（string right）
 {
 if（right == Rights.None）
 return true; 
 else {
 / *启用此
 DataAccessLayer.IDAL dal = new DataAccessLayer.DAL（）; 
 string userName = Thread.CurrentPrincipal.Identity.Name; 
 Guid userID = dal.GetUserIDFromUserName（userName）; 
返回dal.HasRight（userID，right）; 
 * / 
返回false; 
} 
} 
} 
 
类程序{
 
 [IsAuthorized（SecurityAction.Demand，Right = IsAuthorized.Rights.CreateUserGroup）] 
 public static string Ping（）
 {
 return服务在线; 
} 
 
 private static void Main（string [] args）
 {
 Ping（）; 
} 
} 
}

希望这有帮助，

弗雷德里克

I would like to check authorization on a method for the current user to check if he/she has the right to perform this action.

Here is the example of the attribute I have in place:

[AttributeUsageAttribute(AttributeTargets.Method)]
    public class IsAuthorized : Attribute
    {
        public IsAuthorized(Rights right)
        {
            bool isAuthorized = false;

            if (right == Rights.None)
                isAuthorized = true;
            else
            {
                DataAccessLayer.IDAL dal = new DataAccessLayer.DAL();
                string userName = Thread.CurrentPrincipal.Identity.Name;
                Guid userID = dal.GetUserIDFromUserName(userName);

                isAuthorized = dal.HasRight(userID, right.ToString());
            }

            if (!isAuthorized)
                throw new SecurityException("You don't have the rights to perform this action");
        }
    }

And this is how I how like to check if the user has the authority to access the method:

[IsAuthorized(Rights.CreateUserGroup)]
    public string Ping()
    {
       return "The service is online";
    }

解决方案

Something like this might point you in the right direction;

using System;
using System.Security;
using System.Security.Permissions;

namespace AccessThingie {

    [Serializable]
    [AttributeUsageAttribute(AttributeTargets.Method)]
    public class IsAuthorized  : CodeAccessSecurityAttribute {
        private static readonly PrincipalPermission Allowed = new PrincipalPermission(PermissionState.None);
        private static readonly PrincipalPermission NotAllowed = new PrincipalPermission(PermissionState.Unrestricted);

        public static class Rights
        {
            public const string None = "None";
            public const string CreateUserGroup = "CreateUserGroup";
        }

        public string Right { get; set; }

        public IsAuthorized(SecurityAction action)
            : base(action) 
        {
        }

        public override IPermission CreatePermission()
        {
            return IsAuthorised(Right) ? Allowed : NotAllowed;
        }

        private static bool IsAuthorised(string right)
        {
            if (right == Rights.None)
                return true;
            else {
                /* Enable this
                DataAccessLayer.IDAL dal = new DataAccessLayer.DAL();
                string userName = Thread.CurrentPrincipal.Identity.Name;
                Guid userID = dal.GetUserIDFromUserName(userName);
                return dal.HasRight(userID, right);
                */
                return false;
            }
        }
    }

    class Program {

        [IsAuthorized(SecurityAction.Demand, Right = IsAuthorized.Rights.CreateUserGroup)]
        public static string Ping()
        {
            return "The service is online";
        }

        private static void Main(string[] args)
        {
            Ping();
        }
    }
}

Hope this helps,
Fredrik

这篇关于使用C＃中的属性来检查用户的授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

使用C＃中的属性来检查用户的授权 [英] Using attributes in C# to check authorization of user

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录关闭

使用C＃中的属性来检查用户的授权 [英] Using attributes in C# to check authorization of user

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录 关闭

登录关闭