asp.net Identity 2.1中的文件夹授权 [英] Folder authorization in asp.net Identity 2.1
本文介绍了asp.net Identity 2.1中的文件夹授权的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我搜索了.net身份2.1中的文件夹或文件,但没有找到基于角色的授权,因为存在基于表单的授权
I searched but couldn't find role based authorization for access to folders or files in .net identity 2.1 as there is in form based authorization
<location path="Pictures">
<system.web>
<authorization>
<allow roles="Administrators"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
有什么方法可以在.net身份中实现这一点?
Is there any way to implement this in .net identity?
推荐答案
您可以编写过滤器:
public class FilterStaticFilesAttribute : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
var request = actionContext.Request;
if (request.RequestUri.LocalPath.StartsWith("\Pictures", System.StringComparison.InvariantCultureIgnoreCase))
{
if (!request.GetOwinContext().Authentication.User.IsInRole("Administrators"))
{
actionContext.Response.StatusCode = HttpStatusCode.Forbidden;
return;
}
}
base.OnAuthorization(actionContext);
}
}
在WebApiConfig中注册.注册:
Register in WebApiConfig.Register:
public static void Register(HttpConfiguration config)
{
config.Filters.Add(new FilterStaticFilesAttribute());
}
这是什么:alle请求将通过注册的过滤器.在过滤器内部,确定是否是对静态文件位置的调用.仅当用户具有管理员角色时,才授予访问权限.
What this does: alle requests will pass the registered filter. Inside the filter determine if it is a call to the static files location. Only if the user has the role of Administrators then access is granted.
这篇关于asp.net Identity 2.1中的文件夹授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文