有许多角色ASP.NET MVC用户授权 [英] ASP.NET MVC Authorize user with many roles
本文介绍了有许多角色ASP.NET MVC用户授权的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要授权在我的ASP.NET MVC应用程序具有两个角色的用户控制器。
我使用的授权属性是这样的:
I need to authorize a Controller in my ASP.NET MVC application to users which have two roles. I am using Authorize attribute like this:
[授权(角色=制片人,主编)]
[Authorize(Roles = "Producer, Editor")]
但是,这允许生产者和编辑到控制器。我只希望让用户有两个角色,而不只是其中之一。
But this allows Producers and Editors to the controller. I want only to allow users having both roles, not just one of them.
我怎么能achive呢?
How could i achive this?
推荐答案
您应该做您的自定义 AuthorizeAttribute
public class AuthorizeMultipleAttribute : AuthorizeAttribute
{
//Authorize multiple roles
public string MultipleRoles { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
{
return false;
}
//Logic here
//Note: Make a split on MultipleRoles, by ','
//User is in both roles => return true, else return false
}
}
DEMO:
[AuthorizeMultiple(MultipleRoles ="Role1,Role2")]
public class UserController{
}
这篇关于有许多角色ASP.NET MVC用户授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文