ASP.NET MVC如何创建自定义角色提供程序 [英] ASP.NET MVC How to create a custom role provider

查看:76
本文介绍了ASP.NET MVC如何创建自定义角色提供程序的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

对于ASP MVC来说相对较新,我不确定哪一种更适合我的需求.我已经使用Windows身份验证建立了一个Intranet网站,并且能够使用Active Directory角色来保护控制器和操作,例如

Being relatively new to ASP MVC, I'm unsure which would better suit my needs. I have built an intranet site using Windows authentication and I'm able to secure controllers and actions using the Active Directory roles, e.g.

[Authorize(Roles="Administrators")]
[Authorize(Users="DOMAIN\User")]
public ActionResult SecureArea()
{
    ViewBag.Message = "This is a secure area.";
    return View();
}

我需要独立于AD角色定义自己的安全角色.所需的功能是根据与我的应用程序数据库中与他们的个人资料关联的一个或多个角色,向经过身份验证的用户授予对特定操作的访问权限,例如:管理员",用户",访客",分析师",开发人员"等.

I need to define my own security roles independent of the AD roles. The desired functionality is that authenticated users are granted access to specific actions according to one or more roles associated with their profile in my application database e.g: "Manager", "User", "Guest", "Analyst", "Developer" etc.

如何创建自定义角色提供者和/或自定义授权属性?

推荐答案

我的解决方案是创建一个自定义角色提供程序.这是我采取的步骤,以防万一其他人以后需要帮助:

My solution was to create a custom role provider. Here are the steps I took, in case anyone else needs help later:

创建自定义用户和角色类 

using Microsoft.AspNet.Identity.EntityFramework;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace Security.Models.Security
{
    public class AppRole : IdentityRole
    {
    }
}


using Microsoft.AspNet.Identity.EntityFramework;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace Security.Models.Security
{
    public class AppUser : IdentityUser
    {
    }
}

设置数据库上下文 

using Microsoft.AspNet.Identity.EntityFramework;
using Security.Models.Security;
using System;
using System.Collections.Generic;
using System.Data.Entity;
using System.Linq;
using System.Web;

namespace Security.Models.DAL
{
    public class UserContext : IdentityDbContext<AppUser>
    {
        public UserContext() : base("UserContext")
        {
            Database.SetInitializer<UserContext>(new CreateDatabaseIfNotExists<UserContext>());
        }
    }
}

创建您的角色提供程序并实现以下方法 

using Security.Models.DAL;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;

namespace Security.Models.Security
{
    public class AppRoleProvider : RoleProvider
    {
        public override string[] GetAllRoles()
        {
            using (var userContext = new UserContext())
            {
                return userContext.Roles.Select(r => r.Name).ToArray();
            }
        }

        public override string[] GetRolesForUser(string username)
        {
            using (var userContext = new UserContext())
            {
                var user = userContext.Users.SingleOrDefault(u => u.UserName == username);
                var userRoles = userContext.Roles.Select(r => r.Name);

                if (user == null)
                    return new string[] { };
                return user.Roles == null ? new string[] { } :
                    userRoles.ToArray();
            }
        }

        public override bool IsUserInRole(string username, string roleName)
        {
            using (var userContext = new UserContext())
            {
                var user = userContext.Users.SingleOrDefault(u => u.UserName == username);
                var userRoles = userContext.Roles.Select(r => r.Name);

                if (user == null)
                    return false;
                return user.Roles != null &&
                    userRoles.Any(r => r == roleName);
            }
        }
    }
}

编辑您的web.config以设置数据库连接和角色提供者参考 

<connectionStrings>
    <add name="UserContext" connectionString="Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\UserContext.mdf;Initial Catalog=UserContext;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
</connectionStrings>


<system.web>
    ...
    <authentication mode="Windows" />        
    <roleManager enabled="true" defaultProvider="AppRoleProvider">
      <providers>
        <clear/>
        <add name="AppRoleProvider" type="Security.Models.Security.AppRoleProvider" connectionStringName = "UserContext"/>
      </providers>
      ...
    </roleManager>
  </system.web>

在程序包管理器控制台中,启用迁移 

enable-migrations

在新创建的Configurations.cs中,设置用户/角色存储和管理器,并将用户管理器验证器配置为接受'\'字符 

namespace Security.Migrations
{
    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.EntityFramework;
    using Security.Models.Security;
    using System;
    using System.Data.Entity;
    using System.Data.Entity.Migrations;
    using System.Linq;

    internal sealed class Configuration : DbMigrationsConfiguration<Security.Models.DAL.UserContext>
    {
        public Configuration()
        {
            AutomaticMigrationsEnabled = true;
            ContextKey = "Security.Models.DAL.UserContext";
        }

        protected override void Seed(Security.Models.DAL.UserContext db)
        {
            // Set up the role store and the role manager
            var roleStore = new RoleStore<AppRole>(db);
            var roleManager = new RoleManager<AppRole>(roleStore);

            // Set up the user store and the user mananger
            var userStore = new UserStore<AppUser>(db);
            var userManager = new UserManager<AppUser>(userStore);

            // Ensure that the user manager is able to accept special characters for userNames (e.g. '\' in the 'DOMAIN\username')            
            userManager.UserValidator = new UserValidator<AppUser>(userManager) { AllowOnlyAlphanumericUserNames = false };

            // Seed the database with the administrator role if it does not already exist
            if (!db.Roles.Any(r => r.Name == "Administrator"))
            {
                var role = new AppRole { Name = "Administrator" };
                roleManager.Create(role);
            }

            // Seed the database with the administrator user if it does not already exist
            if (!db.Users.Any(u => u.UserName == @"DOMAIN\admin"))
            {
                var user = new AppUser { UserName = @"DOMAIN\admin" };
                userManager.Create(user);
                // Assign the administrator role to this user
                userManager.AddToRole(user.Id, "Administrator");
            }
        }
    }
}

在程序包管理器控制台中,确保已创建数据库并设置了种子 

update-database

创建自定义授权属性,该属性将在失败时重定向到拒绝访问页面 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace Security.Models.Security
{
    public class AccessDeniedAuthorizationAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            if(filterContext.Result is HttpUnauthorizedResult)
            {
                filterContext.Result = new RedirectResult("~/Home/AccessDenied");
            }
        }
    }
}

您完成了!现在,您可以创建一个拒绝访问页面(在本例中为〜/Home/AccessDenied),并将该属性应用于任何操作,例如 

using Security.Models.Security;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace Security.Controllers
{
    public class HomeController : Controller
    {
         ...    

        [AccessDeniedAuthorizationAttribute(Roles = "Administrator")]
        public ActionResult SecureArea()
        {
            return View();
        }

        public ActionResult AccessDenied()
        {
            return View();
        }

        ...
    }
}

希望这对以后的人有帮助.祝你好运!

Hope this helps someone in the future. Good luck!

这篇关于ASP.NET MVC如何创建自定义角色提供程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆