基于角色的安全asp.net的MVC [英] Role based security asp.net mvc

问题描述

我很感兴趣，知道什么是MVC中使用基于角色的安全最佳做法：
如何保护自己的行为，使他们通过特定的角色只能访问？

I'm interested in knowing what are the best practices for using role based security in MVC:
how to secure your actions and make them accessible by specific roles only?

推荐答案

如果你设置你的ASP.Net成员资格提供正确，你可以很容易地使用[授权] -attribute指定访问不同的角色或用户。

If you setup your ASP.Net membership provider correctly, you can easily use the [Authorize]-attribute to specify access for different roles or users.

要要求用户登录，使用：

To require users to login, use:

[Authorize]
public class SomeController : Controller

// Or
[Authorize]
public ActionResult SomeAction()

要限制访问特定角色，使用：

To restrict access for specific roles, use:

[Authorize(Roles = "Admin, User")]
public class SomeController : Controller

// Or
[Authorize(Roles = "Admin, User")]
public ActionResult SomeAction()

和限制特定用户的访问，使用：

And to restrict access for specific users, use:

[Authorize(Users = "Charles, Linus")]
public class SomeController : Controller

// Or
[Authorize(Users = "Charles, Linus")]
public ActionResult SomeAction()

这篇关于基于角色的安全asp.net的MVC的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！