在登录后保护整个网站,即“授权"所有控制器中的所有动作 [英] Protect entire website behind a login i.e. "Authorize" all Actions within all controllers
问题描述
标题几乎说明了一切.
我有一个仅在登录后才能运行的网站,所以我想确保除非您登录,否则无法访问任何内容.这包括ActionResults,JsonResults等...
I have a website which will only run behind a login so I want to ensure that nothing can be accessed unless you're logged in. This includes ActionResults, JsonResults etc...
目前,我的控制器上都有[Authorize]
,这很繁琐,并且不是很干:)
Currently, I have [Authorize]
all over my controllers which is quite tedious and not very DRY :)
那我可以用1条神奇的代码保护整个网站吗? (显然需要访问登录页面)
此外,请注意,我仍然需要进一步保护某些操作,以仅由某些用户/角色使用
推荐答案
如果您有多个控制器,则创建一个AuthorizeController,从该继承您必须受保护的控制器.只需将[Authorize]
属性设置为AuthorizeController:
If you have multiple controllers, then make a AuthorizeController from which you inherit your controllers that must be protected. Just set the [Authorize]
attribute to the AuthorizeController:
[Authorize]
public class AuthorizeController: Controller
{
}
public class HomeController : AuthorizeController
{
...
}
// don't inherit AccountController from AuthorizeController
public class AccountController : Controller
{
public ActionResult Login()
{
...
}
}
这篇关于在登录后保护整个网站,即“授权"所有控制器中的所有动作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!