mvc3中的自定义角色模块 [英] Custom Role Module in mvc3
问题描述
我是mvc3的新手.
我将要使用基于多个角色的系统.所以我已经为此user_master(user_id,user_name)创建了表3表,
role_master(角色ID,角色名称),
role_to_user(角色ID,用户ID),
我将创建自定义角色模块,并获得所有用户角色,但是现在我如何检查该角色.给我一个将多个角色分配给一个用户并按角色访问视图的示例示例.
例如,用户ID 1的角色ID为:1、5、7、9.
并会像这样检查状况
<%if(User.IsInRole(删除角色"))
{%>
< button id ="feedback-open-button" class ="buttonStyle1">新公司</button><%}%>
谢谢.
I am new in mvc3.
I will want to use multiple role based system. so i have create table 3 table for this user_master (user_id,user_name),
role_master(role_id,role-name),
role_to_user(role_id,user_id),
and i will create custom role module and i will get all user role but now how can i check this role. give me sample example for multiple role assign to one user and access view as per role.
for example user id 1 has role id:1,5,7,9.
and will check condition in view like this
<%if (User.IsInRole("delete role"))
{ %>
<button id="feedback-open-button" class="buttonStyle1" >New Company</button><% } %>
Thank you.
推荐答案
好.首先,我强烈建议您不要手动滚动.即使对于有经验的人来说,正确设置安全性也非常困难.
您可以继续使用ASP.NET(窗体)应用程序中可用的默认提供程序.主要区别在于,在MVC3中,最好用代码而不是Web.config中的路径来保护操作方法(例如,可以从非常不同的URL调用操作,具体取决于您的schemerschema) ).
.Net带有Sql(和许多其他后备存储)的默认提供程序.可以使用aspnet_regsql注册该数据库,因此您无需创建自己的架构.如果您想要除默认行为以外的其他内容,还可以将默认提供程序子类化(或编写您自己的).
以下是经典" asp.net的一些资源:
http ://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx [ ^ ]
ASP.NET成员资格和角色提供者 [
OK. First I strongly suggest that you don''t hand-roll this. Getting security right is very hard, even for an experienced hand.
You can continue to use the default providers that were available in ASP.NET (forms) applications. The main difference is that in MVC3 it is better to secure the action methods in code rather than paths in the Web.config (for instance the action can be called from very different URLs, depending on yourschemerschema).
.Net comes with a default provider for Sql (and many other backing-stores). The database can be registered with aspnet_regsql, so you don''t need to create your own schema. You can also subclass the default providers (or write your own) if you want something other than the default behaviour.
Here are some resources for "classic" asp.net:
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx[^]
ASP.NET Membership and Role Provider[^]
You config the membership and roles providers up just as yuo would for a vanilla ASp.NET, except for securing the paths. To secure an Action Method you decorate with authorize attributes:
[Authorize(Roles="RoleNameHere")]
public ActionResult Foo()
{
....
}
请注意,Authorize也可以采用Users="Usernamehere",并且可以根据需要构建复杂的角色树.您的剃须刀if (User.IsInRole("delete role"))也可以使用.
如果需要快速尝试,请创建一个新的MVC3 Internet 应用程序.针对您的数据库运行ASPNET_regsql,并配置系统以使用该数据库.可以在此处找到详细说明 [ ^ ]
修复了一个拼写错误,该错误太过严重而无法忽略.现在,我需要检查字典中的"egregious"一词.
Note that the Authorize can also take Users="Usernamehere" and complex role trees can be built up if needed. Also your Razor if (User.IsInRole("delete role")) will work.
If you need to try this quickly, create an new MVC3 Internet application. Run ASPNET_regsql against your database and configure you system to use that database. Detailed instructions can be found here[^]
Fixed a spelling mistake that was too egregious to ignore. I now need to check the word egregious in the dictionary.
这篇关于mvc3中的自定义角色模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
