ASP.NET MVC角色授权 [英] ASP.NET MVC Roles Authorization

问题描述

我要让角色默认为我的控制器类为管理员，内容编辑

I want to make the roles default for my controller class to "Administrators, Content Editors"

[Authorize(Roles = "Administrators, Content Editor")]

我已经被装饰与上面的属性控制器做到了这一点。然而，有一个动作，我想提供给所有（即视图）。我怎么能重置角色让大家（包括完全未经授权的用户）对这一行动的访问。

I've done this by adorning the controller with the attribute above. However, there is one action that I want to be available to all (namely "View"). How can I reset the Roles so that everyone (including completely unauthorized users) have access for this action.

注：我知道我可以装饰与上述授权属性的每一个动作等动作，但我不希望有这样做，所有的时间。我希望所有的控制器动作是在默认情况下unacessible所以，如果有人将一个动作他们必须做出一个深思熟虑的决定，以将其提供给广大公众。

Note: I know I could adorn every single action other action with the authorize attribute above but I don't want to have to do that all the time. I want all of the controllers actions to be unacessible by default so that if anyone adds an action they have to make a considered decision to make it available to the general public.

推荐答案

MVC4有一个新的属性究竟意味着这个 [使用AllowAnonymous]

MVC4 has a new attribute exactly meant for this [AllowAnonymous]

[AllowAnonymous]
public ActionResult Register()

<一个href=\"http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx\">http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx

这篇关于ASP.NET MVC角色授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！