ASP.NET MVC角色授权 [英] ASP.NET MVC Roles Authorization
问题描述
我要让角色默认为我的控制器类为管理员,内容编辑
I want to make the roles default for my controller class to "Administrators, Content Editors"
[Authorize(Roles = "Administrators, Content Editor")]
我已经被装饰与上面的属性控制器做到了这一点。然而,有一个动作,我想提供给所有(即视图)。我怎么能重置角色让大家(包括完全未经授权的用户)对这一行动的访问。
I've done this by adorning the controller with the attribute above. However, there is one action that I want to be available to all (namely "View"). How can I reset the Roles so that everyone (including completely unauthorized users) have access for this action.
注:我知道我可以装饰与上述授权属性的每一个动作等动作,但我不希望有这样做,所有的时间。我希望所有的控制器动作是在默认情况下unacessible所以,如果有人将一个动作他们必须做出一个深思熟虑的决定,以将其提供给广大公众。
Note: I know I could adorn every single action other action with the authorize attribute above but I don't want to have to do that all the time. I want all of the controllers actions to be unacessible by default so that if anyone adds an action they have to make a considered decision to make it available to the general public.
推荐答案
MVC4有一个新的属性究竟意味着这个 [使用AllowAnonymous]
MVC4 has a new attribute exactly meant for this [AllowAnonymous]
[AllowAnonymous]
public ActionResult Register()
<一个href=\"http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx\">http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx
这篇关于ASP.NET MVC角色授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!