ASP.NET MVC3角色和权限管理 - >随着运行权限分配 [英] ASP.NET MVC3 Role and Permission Management -> With Runtime Permission Assignment
问题描述
ASP.NET MVC允许用户在分配权限的功能(即操作)的能力的设计时间的像这样。
[授权(角色=管理员,ContentEditor)]
公众的ActionResult美孚()
{
返回查看();
}
要实际检查的权限,人们可以使用下面的语句中(剃刀)查看:
@if(User.IsInRole(ContentEditor))
{
< DIV方式>这将是可见的只有在ContentEditor角色的用户< / DIV>
}
这种方法的问题是,所有权限必须设置和分配为的属性在的设计时间的。 (属性编译与DLL,所以我presently意识到没有任何机制来应用属性(允许其他权限),如[授权(角色=管理员,ContentEditor)]在的运行。
在我们的使用情况下,客户需要能够部署后更改哪些用户拥有哪些权限的 的。
例如,客户可能希望允许在 ContentEditor用户角色编辑特定类型的一些内容。也许用户是不允许修改的查找表,但现在的客户想要让这种不授予用户的所有的中下一个更高的角色权限。相反,客户端只是想的修改的现有权限用户的电流的作用。
哪些选项策略可以允许MVC控制器/浏览/操作权限进行属性的定义之外(如数据库)和评估,并在运行时?的
如果可能的话,我们非常愿意为密切,因为我们能坚持到ASP.NET成员资格和角色提供的功能,使我们可以继续利用它提供的其他好处。
感谢您事先的任何想法或见解。
选项有什么策略可以允许MVC权限
控制器/视图/的行动属性的外部定义(如在
数据库)和评估,并在运行时应用?自定义属性的授权是一种可能性,以实现这一点:
公共类MyAuthorizeAttribute:AuthorizeAttribute
{
保护覆盖布尔AuthorizeCore(HttpContextBase的HttpContext)
{
角色= ...继续前进,在任何地方存放它们动态撷取这些角色
返回base.AuthorizeCore(HttpContext的);
}
}和则:
[MyAuthorize]
公众的ActionResult美孚()
{
返回查看();
}ASP.NET MVC allows users the ability to assign permissions to functionality (i.e. Actions) at Design Time like so.
[Authorize(Roles = "Administrator,ContentEditor")] public ActionResult Foo() { return View(); }To actually check the permission, one might use the following statement in a (Razor) view:
@if (User.IsInRole("ContentEditor")) { <div>This will be visible only to users in the ContentEditor role.</div> }The problem with this approach is that all permissions must be set up and assigned as attributes at design time. (Attributes are compiled in with the DLL so I am presently aware of no mechanism to apply attributes (to allow additional permissions) such as [Authorize(Roles = "Administrator,ContentEditor")] at runtime.
In our use case, the client needs to be able to change what users have what permissions after deployment.
For example, the client may wish to allow a user in the
ContentEditorrole to edit some content of a particular type. Perhaps a user was not allowed to edit lookup table values, but now the client wants to allow this without granting the user all the permissions in the next higher role. Instead, the client simply wants to modify the permissions available to the user's current role.What options are strategies are available to allow permissions on MVC Controllers/Views/Actions to be defined outside of attributes (as in a database) and evaluated and applied at runtime?
If possible, we would very much like to stick as closely as we can to the ASP.NET Membership and Role Provider functionality so that we can continue to leverage the other benefits it provides.
Thank you in advance for any ideas or insights.
解决方案What options are strategies are available to allow permissions on MVC Controllers/Views/Actions to be defined outside of attributes (as in a database) and evaluated and applied at runtime?
A custom Authorize attribute is one possibility to achieve this:
public class MyAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { Roles = ... go ahead and fetch those roles dynamically from wherever they are stored return base.AuthorizeCore(httpContext); } }and then:
[MyAuthorize] public ActionResult Foo() { return View(); }
这篇关于ASP.NET MVC3角色和权限管理 - &GT;随着运行权限分配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
