确定是否控制器操作调用前授权 [英] Determine if controller action is authorized before calling it
问题描述
我试图解决的问题在我看来很简单:我的应用程序有一个站点范围内的菜单,从中用户可以浏览到各个方面。菜单项只是链接到的ActionResult方法。我使用的操作的自定义AuthorizeAttribute执行用户的授权角色。这工作正常,因为它prevents用户执行该行动,如果他们没有适当的角色。我想要做什么,但是,甚至没有显示菜单选项,导航到该行动,如果他们没有被授权执行它。
The problem I'm trying to solve seems very simple to me: My application has a site-wide menu from which the user can navigate to various areas. The menu items are simply links to ActionResult methods. I'm using a custom AuthorizeAttribute on the actions to enforce the user's authorization roles. That works fine, in that it prevents the user from executing the action if they don't have the appropriate roles. What I want to do, though, is not even show the menu option to navigate to that action if they aren't authorized to perform it.
因此,在最简单的层面上,我希望能够做这样的事:
So, at the simplest level, I want to be able to do something like this:
var isAuthorized = IsAuthorized("ControllerName", "ActionName", currentUser);
该IsAuthorized方法会再看看在行动的任何AuthorizeAttributes,并评估特定用户是否能够执行它。
The IsAuthorized method would then look at any AuthorizeAttributes on the action, and evaluate whether the given user would be able to execute it.
这样的做法是否存在?假设我们没有在这个我们正在做这样的评价一点都控制器的一个实例。
Does such an approach exist? Assume that we don't have an instance of the controller at the point that we're making this evaluation.
推荐答案
在寻找一种方法,这第二遍实际上导致正是我一直在寻找。我会在这里留下的情况下这个问题,它会导致其他人这个答案。
A second pass at searching for an approach to this actually resulted in exactly what I was looking for. I'll leave this question here in case it leads others to this answer.
<一个href=\"http://vivien-chevallier.com/Articles/create-an-authorized-action-link-extension-for-aspnet-mvc-3\"相对=nofollow>创建ASP.NET MVC 3 授权操作链接扩展
实现使用几乎正是我一直在寻找的语法,并在实践工作。
The implementation uses just about exactly the syntax I was looking for, and works in practice.
这篇关于确定是否控制器操作调用前授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
