有许多角色ASP.NET MVC用户授权 [英] ASP.NET MVC Authorize user with many roles

问题描述

我需要授权在我的ASP.NET MVC应用程序具有两个角色的用户控制器。
我使用的授权属性是这样的：

I need to authorize a Controller in my ASP.NET MVC application to users which have two roles. I am using Authorize attribute like this:

[授权（角色=制片人，主编）]

[Authorize(Roles = "Producer, Editor")]

但是，这允许生产者和编辑到控制器。我只希望让用户有两个角色，而不只是其中之一。

But this allows Producers and Editors to the controller. I want only to allow users having both roles, not just one of them.

我怎么能achive呢？

How could i achive this?

推荐答案

您应该做您的自定义 AuthorizeAttribute

public class AuthorizeMultipleAttribute : AuthorizeAttribute
{

   //Authorize multiple roles
   public string MultipleRoles { get; set; }

  protected override bool AuthorizeCore(HttpContextBase httpContext)
  {
      var isAuthorized = base.AuthorizeCore(httpContext);
      if (!isAuthorized)
      {                
        return false;
      }

      //Logic here
      //Note: Make a split on MultipleRoles, by ','
      //User is in both roles => return true, else return false
  }

}

DEMO：

[AuthorizeMultiple(MultipleRoles ="Role1,Role2")]
public class UserController{
}

这篇关于有许多角色ASP.NET MVC用户授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！