用户和角色管理MVC4 [英] User and Role Management MVC4

问题描述

我在MVC4写一个定制的网络体系，这个体系的一部分，需要一个管理员用户来管理公司的角色和用户提供给系统的某些地区访问和权限。该系统具有的模块系统中的

I am writing a bespoke web system in MVC4, part of this system requires an Admin user to manage roles and users in the company to provide access and permissions to certain areas of the system. The system has modules in the system:

销售
生产

的管理团队希望在系统中创建角色和应用权限给这些角色的能力。例如。销售的作用将被拒绝访问生产，但销售经理可以有只读到生产准入。

The admin team would like the ability to create roles in the system and apply permissions to those roles. E.g. Sales role would be denied access to production but the Sales Manager can have read only access to Production.

我要寻找到这个管理一个单一管理界面的最佳方法的一个例子。管理员需要

I am looking for an example of the best approach to managing this for a single admin screen. Admin needs to

• 创建角色


• 创建用户


• 分配角色


• 分配角色权限的模块和动作系统

此外，我怎么会在控制器级别实现它的角色需要动态分配？

Also how would I implement it at a Controller level as the roles need to be dynamically assigned?

[Authorize(Roles="Sales")] // needs to be dynamic
public ActionResult SalesIndex(){

    return View();

}

任何想法，将AP preciated

Any ideas would be appreciated

感谢

推荐答案

您需要创建自定义 AuthorizeAttribute 像这样

You need to create custom AuthorizeAttribute like this

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var userIdentity = httpContext.User.Identity;

        if (!userIdentity.IsAuthenticated)
            return false;

        var rd = httpContext.Request.RequestContext.RouteData;
        string currentAction = rd.GetRequiredString("action");
        if(currentAction == "SalesIndex") 
        {
            return IsUserIsInRoleForTheView(userIdentity.Name);    
        }

        return true;
    }
}

[CustomAuthorize] 
public ActionResult SalesIndex()
{
    return View();
}

这篇关于用户和角色管理MVC4的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！