ASP .NET MVC 5 6 3身份角色声明组 [英] ASP .NET 5 MVC 6 Identity 3 Roles Claims Groups
问题描述
目前,我正在寻找一种使用ASP .NET MVC 5 6的高级角色/用户组权限管理,身份3.我开始了新的preVIEW启动Web项目用集成方便登录系统的解决方案。
I'm currently looking for a solution to use an advanced Roles/Group Permission management in ASP .NET 5 MVC 6 with Identity 3. I started a new Preview Starter Web Project with a integrated easy login system.
现在我需要一个复杂的用户权限管理具有以下功能:
Now I need a complex "users permission management" with following functions:
- 的用户可以在多个组/角色
- 一组/角色有很多访问对象(例如CanAccessUser,CanEditUser ...)
- 这些访问对象(也许宣称?)各组/角色相得益彰
- (可选的最终解决方案):另外=>访问对象(也许索赔),可以由一组独立分配给用户
我已经看到,已经认同大致为我的表结构的配件。 (例如AspNetUsers,AspNetUserRoles,AspNetRoles,AspNetRoleClaims)
I have seen that identity already broadly provides a fitting for me table structure . (e.g. AspNetUsers, AspNetUserRoles, AspNetRoles, AspNetRoleClaims),
但我缺少一个很好的例子/文档使用它们。
But I'm missing a good example / documentation to use them.
有关MVC 5,我用这个例子:用户有很多组,一组可以有多个角色(角色是在源$ C $ C的类/函数对象的访问)
<一href=\"http://typecastexception.com/post/2014/08/10/ASPNET-Identity-20-Implementing-Group-Based-Permissions-Management.aspx\">ASP.NET身份2.0:实现基于组的权限管理
For MVC 5, I used this example: Users have many groups, a group can have many roles (Roles are the Access Objects in source code for classes / functions) ASP.NET Identity 2.0: Implementing Group-Based Permissions Management
存在已经是一个工作示例这些要求,你不必推倒重来。
Exists for these requirements already a working example that you do not have to reinvent the wheel.
推荐答案
我们在这里同一条船上,没有太多的从课程的源读取方面除了...
We were in the same boat here, without much in terms of reading apart from the source of course...
我们结束了执行政策。所需要的授权策略是一组权利要求得到满足。那么这些策略可以应用到控制器。
We ended up implementing Policies. Policies being a group of Claims that are required for authorization to be satisfied. these Policies can then be applied to Controllers.
您可以在Startup.cs定义你的政策,ConfigureServices:
You can define your Policies in Startup.cs, ConfigureServices:
services.AddAuthorization(options =>
{
options.AddPolicy("SalesSenior", policy =>
{
policy.RequireClaim("department", "sales");
policy.RequireClaim("status", "senior");
});
});
我们定义的角色,分配1个或多个声明,对他们分配到的角色让他们反对击中控制器相应的策略来检查用户。
We defined Roles, assigned 1 or more Claims to them and assigned Roles to Users allowing them to be checked against the appropriate Policy on hitting a Controller.
您可以注入 IAuthorizationService 成控制器或属性像这样:
You can inject the IAuthorizationService into a Controller or Attribute as so:
public class SalesDashboardController: Controller
{
private readonly IAuthorizationService _authz;
public VarianceOverviewController(IAuthorizationService authz)
{
_authz = authz;
}
...
}
您可以再使用 IAuthorizationService 来检查用户的要求是否正当...
You can then use the IAuthorizationService to check the validity of a users claims...
if (await _authz.AuthorizeAsync(User, "SalesSenior"))
{
// User is authorized
}
<一个href=\"http://leastprivilege.com/2015/10/12/the-state-of-security-in-asp-net-5-and-mvc-6-authorization/\"相对=nofollow>这篇文章是我这个东西主要来源,对我来说是一个伟大的底漆。祝你好运!
This article was my main source for this stuff and was a great primer for me. Good luck!
这篇关于ASP .NET MVC 5 6 3身份角色声明组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
