ASP.NET MVC窗体身份验证和未经验证控制器动作 [英] ASP.NET MVC Forms authentication and unauthenticated controller actions
问题描述
我有一个锁定使用窗体身份验证一个ASP.NET MVC的网站。 web.config中有
I have a ASP.NET MVC site that is locked down using Forms Authentication. The web.config has
<authentication mode="Forms">
<forms defaultUrl="~/Account/LogOn" loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
比帐户/ LogOn支持其他我的网页均无法查看,除非用户进行身份验证。
None of my pages other than Account/LogOn can be viewed unless the user is authenticated.
现在我想贝宝IPN添加到我的网站,为了做到这一点,我需要有一个处理PayPal的支付确认,并感谢您页两页。这两个页面需要提供匿名用户。
Now I am trying to add PayPal IPN to my site and in order to do that I need to have two pages that handle PayPal's payment confirmation and thank you page. These two pages need to be available for anonymous users.
我想这些网页是从我的账户控制器控制器动作。有没有什么办法可以适用于具体的操作方法,使他们对匿名用户可用的属性?我发现几个职位在这里,试图这样做,但有很多人想要的相反的情况。
I would like these pages to be controller actions off my Account controller. Is there any way I can apply an attribute to specific action methods that make them available to anonymous users? I found a several posts here that attempt to do that but there was most people wanted the opposite scenario.
基本上我想可能AccountController类有大多数的方法没有授权除少数。现在它看起来像只登录方法可用于匿名用户。
Basically I want may AccountController class to have no authorization for most of the methods except for a few. Right now it looks like only the LogOn method is available to anonymous users.
在此先感谢您的帮助。
推荐答案
当然可以。在你的AccountController有一个[授权]对类级-attribute是(使整个控制器的限制)或在特定的方法。
Yes you can. In your AccountController there's an [Authorize]-attribute either on class-level (to make the whole controller restricted) or on specific methods.
为了限制你只需使用授权属性上处理这些动作方法的具体行动,并留下控制器级不受限制。
To make specific actions restricted you simply use the Authorize-attribute on the methods that handle these actions, and leave the controller-class unrestricted.
下面是几个例子...希望它能帮助
Here are a few examples... hope it helps
要要求用户登录,使用:
To require users to login, use:
[Authorize]
public class SomeController : Controller
// Or
[Authorize]
public ActionResult SomeAction()
要限制特定角色的访问,使用:
To restrict access for specific roles, use:
[Authorize(Roles = "Admin, User")]
public class SomeController : Controller
// Or
[Authorize(Roles = "Admin, User")]
public ActionResult SomeAction()
和限制特定用户的访问,使用:
And to restrict access for specific users, use:
[Authorize(Users = "Charles, Linus")]
public class SomeController : Controller
// Or
[Authorize(Users = "Charles, Linus")]
public ActionResult SomeAction()
正如你所看到的,您可以使用该属性在类级别或方法级别。您的选择!
As you can see, you can either use the attribute at class-level or at method-level. Your choice!
这篇关于ASP.NET MVC窗体身份验证和未经验证控制器动作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!