ASP.NET MVC:使用URL限制访问 [英] ASP.NET MVC: Restricting access using url
问题描述
我的网站的管理部分的URL总是以管理/
启动。是否有可能在ASP.NET MVC通过使用URL的这部分限制访问用户?
The URL for the administration section of my website always starts with Admin/
. Is it possible in ASP.NET MVC to restrict access to users by using this part of the URL?
显然,我会保持在 [授权(角色=管理员)]
适当的控制器和行动,但我不知道它是否会更快的应用程序,如果它可以光看网址,而不是步入code的。
Obviously I would keep the [Authorize(Roles = "Administrator")]
on appropriate controllers and actions but I wonder if it would be quicker for the application if it can just look at the URL instead of stepping into code.
推荐答案
发现在史蒂芬·桑德森的书的答案,<一个href=\"http://books.google.co.nz/books?id=Xb3a1xTSfZgC&pg=PA529&lpg=PA529&dq=ASP.NET+MVC%3A+Restricting+access+using+url&source=bl&ots=J9HbYav7ao&sig=aT3TSIBV8hVrlF1BHgdAbEsQBdI&hl=en&ei=jOieSoeeHYPQsQOq1O2PDg&sa=X&oi=book%5Fresult&ct=result&resnum=1#v=onepage&q=&f=false\"相对=nofollow>临ASP.NET MVC框架。
Found the answer in Steven Sanderson's book, Pro ASP.NET MVC Framework.
将下面的code在你的web.config文件。
Put the following code in your web.config file.
<location path ="Admin">
<system.web>
<authorization>
<deny users="?"/>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
这意味着任何URL匹配〜/行政/ *
,应用程序将拒绝访问未经验证的游客或
任何其他的游客比那些角色管理员等。
This means for any URL matching ~/Admin/*
, the application will deny access to unauthenticated visitors or
any other visitors other than those with the role 'Administrator'.
这篇关于ASP.NET MVC:使用URL限制访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!