在ASP.NET MVC非字符串角色名? [英] Non-string role names in ASP.NET MVC?

查看:116
本文介绍了在ASP.NET MVC非字符串角色名?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

ASP.NET MVC具有基于角色的安全性很好的支持,但字符串作为角色名称的用法是郁闷,仅仅是因为他们不能被强类型的枚举。

ASP.NET MVC has good support for role-based security, but the usage of strings as role names is maddening, simply because they cannot be strongly-typed as enumerations.

例如,我有我的应用程序的管理员的角色。 管理的字符串现在存在于我的行动的授权属性,在我的母版页(隐藏选项卡),在我的数据库(定义提供给每个用户的角色),并在我的$ C $任何其他地方C或视图文件,我需要为管理员或非管理员用户执行特殊的逻辑。

For example, I have an "Admin" role in my app. The "Admin" string will now exist in the Authorize attribute of my action, in my master page (for hiding a tab), in my database (for defining the roles available to each user), and any other place in my code or view files where I need to perform special logic for admin or non-admin users.

有没有更好的解决办法,总之写我自己的授权属性和过滤器,这将有可能枚举值的集合?

Is there a better solution, short of writing my own authorization attribute and filter, that would perhaps deal with a collection of enumeration values?

推荐答案

我通常使用一类具有一串字符串常量。这不是一个完美的解决方案,因为你需要记住坚持无处不在使用它,但至少摆脱错别字的可能性。

I usually use a class with a bunch of string constants. It's not a perfect solution, since you need to remember to stick to using it everywhere, but at least it gets rid of the possibility of typos.

static class Role {
    public const string Admin = "Admin";
}

这篇关于在ASP.NET MVC非字符串角色名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆