在ASP.NET MVC非字符串角色名？ [英] Non-string role names in ASP.NET MVC?

问题描述

ASP.NET MVC具有基于角色的安全性很好的支持，但字符串作为角色名称的用法是郁闷，仅仅是因为他们不能被强类型的枚举。

ASP.NET MVC has good support for role-based security, but the usage of strings as role names is maddening, simply because they cannot be strongly-typed as enumerations.

例如，我有我的应用程序的管理员的角色。 管理的字符串现在存在于我的行动的授权属性，在我的母版页（隐藏选项卡），在我的数据库（定义提供给每个用户的角色），并在我的$ C $任何其他地方C或视图文件，我需要为管理员或非管理员用户执行特殊的逻辑。

For example, I have an "Admin" role in my app. The "Admin" string will now exist in the Authorize attribute of my action, in my master page (for hiding a tab), in my database (for defining the roles available to each user), and any other place in my code or view files where I need to perform special logic for admin or non-admin users.

有没有更好的解决办法，总之写我自己的授权属性和过滤器，这将有可能枚举值的集合？

Is there a better solution, short of writing my own authorization attribute and filter, that would perhaps deal with a collection of enumeration values?

推荐答案

我通常使用一类具有一串字符串常量。这不是一个完美的解决方案，因为你需要记住坚持无处不在使用它，但至少摆脱错别字的可能性。

I usually use a class with a bunch of string constants. It's not a perfect solution, since you need to remember to stick to using it everywhere, but at least it gets rid of the possibility of typos.

static class Role {
    public const string Admin = "Admin";
}

这篇关于在ASP.NET MVC非字符串角色名？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！