在MVC项目授权 [英] authorization in MVC project
问题描述
我在MVC项目的登录页面,我创建授权配置这一点。
I have login page in MVC project and i created authorization config this.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" defaultUrl="~/Home/Index"/>
</authentication>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
我怎样才能在注册页面访问?
How can i access in register page?
推荐答案
根据什么版本的MVC你使用的常见的做法我现在看到在MVC3 / 4是不是限制访问的具体行动,以限制对所有的动作,由加入授权()
作为一个全球性的过滤器,然后授予访问使用使用AllowAnonymous()
属性为一些特定的动作充当不需要保护动作的白名单。 (像登录,注册,等等)。
Depending on what version of MVC you're using the common practice I see now in MVC3/4 is to instead of restricting access to specific actions, to restrict access to all actions, by adding Authorize()
as a global filter and then grant access to a few select actions using the AllowAnonymous()
attribute to act as a white-list of actions that do not need to be protected. (Like Login, Register, etc).
的Global.asax
protected void Application_Start()
{
filters.Add(new AuthorizeAttribute());
}
AccountsController.cs
[AllowAnonymous]
public ActionResult Login()
{
//Perform login...
}
然后,你的的web.config 只是有这个
<authorization>
<allow users="*" />
</authorization>
这篇关于在MVC项目授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!