ASP.Net MVC如何确定用户可以访问网址？ [英] ASP.Net MVC how to determine if a user can access a URL?

问题描述

所以我读了另一个问题关于登录循环，当你有一个用户登录，设置返回到他们可能没有在（即一个管理页面登录后访问的URL，用户登录时使用正常的帐户）。

So I was reading another question regarding login loop when you have a user logging in, set to return to a URL which they might not have access to after logging in (ie. an admin page, and the user logs in with a normal account).

下的WebForms的解决方案似乎是利用 UrlAuthorizationModule.CheckUrlAccessForPrincipal 方法。然而，这并不针对URL去与授权属性安全行动方法的工作。我想我可以解决URL在指向的方法，并反映在它解决我的问题 - 但我似乎无法找出如何得到这个信息从路由表中的

The solution under WebForms seems to be to utilize the UrlAuthorizationModule.CheckUrlAccessForPrincipal method. However that does not work for URLs going to Action Methods secured with the Authorize Attribute. I figured I could work out which method the URL was pointing at and reflect over it to solve my problem - but I can't seem to work out how I get this information out of the routing table.

有谁有这个工作，或者有一个解决方案？如果我可以得到从URL路由信息保持我想我可以工作休息了，但如果任何人有一个通用的解决方案 - 即。一些隐藏的方法类似于之前提到的一个MVC，那么这将是完全真棒为好。

Anyone ever worked with this, or have a solution for this? If I can just get hold of the route information from a URL I think I could work the rest out, but if anyone has a generic solution - ie. some hidden method akin to the before mentioned one for MVC, then that would be totally awesome as well.

我不问如何检查用户是否具有存取权限到指定的控制器/动作对。我首先需要解决如何根据从RouteTable控制器/动作对关闭的URL来获得。之所以所有的背景故事，如果有确实存在一个相当于 UrlAuthorizationModule.CheckUrlAccessForPrincipal 为MVC。

I'm not asking how to check if the User has acces to a specified Controller/Action pair. I first and foremost need to work out how to get the Controller/Action pair from the RouteTable based off the URL. The reason for all the background story, is in case that there does indeed exist an equivalent to UrlAuthorizationModule.CheckUrlAccessForPrincipal for MVC.

推荐答案

什么是你正在试图解决这个问题？这听起来像你可能会走向下一个复杂的解决方案，可以使用一个简单的解决方案，而不是一个路径。

What is the problem you are trying to solve? It sounds like you may be headed down a path to a complex solution that could use a simple solution instead.

如果用户没有权限登录后才能访问的页面，你想不登录的用户转到一个页面，而在用户登录到不同的网页？

If a user doesn't have permissions to access the page after login, are you wanting non-logged in users to go to one page, while logged in users go to a different page?

如果这就是我也许会创造另一个控制器为这样的场景，并重定向到任何地方控制用户无权访问的情况。或者，如果您使用的是自己的基地控制器我会把功能那里。

If that's the case I might be tempted to create another controller for just such scenarios and redirect to that controller anywhere the user doesn't have access. Or if you are using your own base Controller I would put the functionality there.

然后，控制器可以present所需的视图。例如，如果一个非登录用户试图访问他们可以重定向页面到一个通用的错误页面。如果用户登录，他们可以重定向到一个未授权的页面。

Then the controller could present the desired view. For example if a non-logged in user tries to access a page they could get redirected to a generic error page. If the user is logged in, they could get redirected to a not authorized page.

这是非常类似罗伯特的答案。

This is very similar to Robert's answer.

下面是一个基本控制器的基本骨架。

Here's a basic skeleton for a base controller.

public BaseController: Controller
{

... // Some code

    public ActionResult DisplayErrorPage()
    {
        // Assumes you have a User object with a IsLoggedIn property
        if (User.IsLoggedIn())    
            return View("NotAuthorized");

        // Redirect user to login page
        return RedirectToAction("Logon", "Account");
    }

}

然后在可以说一个AdminController（从BaseController继承）动作

Then in lets say a AdminController (that inherits from BaseController) action

public ActionResult HighlyRestrictedAction()
{
    // Assumes there is a User object with a HasAccess property
    if (User.HasAccess("HighlyRestrictedAction") == false)
        return DisplayErrorPage();

    // At this point the user is logged in and has permissions
    ...
}

这篇关于ASP.Net MVC如何确定用户可以访问网址？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！