使用基于组的角色的ASP.NET身份自定义 [英] ASP.NET Identity Custom with Group-based Roles
问题描述
例如,用户可以创建一个组,因此可以是组管理员,但也可以是组中的教师,因此能够贡献内容。相同的用户也可以是不同组中的学生,因此在该组中具有不同的权限。用户可以在给定的组中执行多个角色,他们的权限应该基于该组中的角色。
从我可以看到这不是ASP.NET Identity的预期结构,因为我看不到如何将特定角色的范围限制在一个组中。此外,我希望能够将用户分配给一个组,然后将一组用户分配给另一个组,因此,例如,我有一组用户,并将该组分配给另一组中的特定角色
我想到的是拥有UserId,GroupId和RoleId的会员资格表,用于处理将角色映射到特定组,但是如何将其扩展到从组继承的角色,我能够利用ASP.NET身份来帮助我管理这些角色,还是要从头开始自己编写解决方案?
如果您还没有找到它,并且正在使用MVC,请查看这个。
我最近一直在做同样的问题。这涵盖了很多要求,但是存在一个差距 - ASP.NET身份不区分授权和身份验证。在所有情况下,没有所需权限的用户将被发送到登录屏幕。如果他们没有登录,那么就行了,但是如果他们登录并且尝试访问他们没有权限的内容,那么就行了。这可能是这里的地址,但是我还没有时间测试它。
如何使授权属性返回自定义403错误页面,而不是重定向到登录页面
Perhaps I've misunderstood the concept of Roles in ASP.NET Identity and the database model, but I'm struggling to wrap my head around how to implement the following scenario: With ASP.NET Identity, it seems a User has permissions globally based on a Role, as opposed to permissions on a more granular level. I'm trying to implement a DB Schema in EF6 with Code-First where a User can be a member of several Groups. Instead of having a global Role however, I want the User to have one role in one Group, and a different Role in another.
For example, a User can create a Group, and therefore be the Group Admin, but could also be a Teacher in the Group and therefore be able to contribute Content. The same User could also be a Student in a different Group, and have different permissions in that Group as a result. Users can perform multiple Roles in a given Group, and their permissions should be based on their Role(s) within that Group.
From what I can see this isn't the intended structure for ASP.NET Identity, as I can't see how to limit the scope of a specific Role to a Group. Also, ideally I'd like to be able to assign a User to a Group, and then assign a Group of Users to another group, so for example I have a Group of Users and I assign that Group to a specific Role within another Group.
What I have in mind is a Membership table that has UserId, GroupId and RoleId to deal with mapping the Roles to specific Groups, but how would I extend that to have Roles inherited from Groups, and would I be able to leverage ASP.NET Identity to help me manage these Roles or do I have to cook my own solution up from scratch?
Take a look at this if you haven't already found it and you're working with MVC.
I've been working on the same same issue as you recently. This covers a lot of the requirements but there is a gap - ASP.NET Identity doesn't differentiate between authorization and authentication. In all cases, a user that does not have the required permission gets sent to the login screen. That's fine if they're not logged in, but not if they are logged in and trying to access something that they have no permission for. That is probably address here, but I haven't had time to test it yet.
这篇关于使用基于组的角色的ASP.NET身份自定义的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
