I have an ASP.NET MVC4 application in which I would like the AccountController to be easily enabled/disabled by a setting in the web.config. As I would like registrations and logins for a period, and then open up to be public. I am just a little unsure as to the best approach.
我有一个ASP.NET MVC4应用程序,我希望通过web.config中的设置轻松启用/禁用AccountController。因为我想注册和登录一段时间,然后开放公开。我只是不确定最好的方法。
many thanks
非常感谢
2 个解决方案
#1
1
There is an existing * question concerning this topic in which a custom attribute value is applied to the controller, which reads a value from web.config and allows the controller to be used or 404s, which I am not sure is exactly what you are looking for, but it might lead you in the right direction.
有关于此主题的现有*问题,其中自定义属性值应用于控制器,该控制器从web.config读取值并允许使用控制器或404s,我不确定是否正是您正在查找的内容因为,但它可能会引导你朝着正确的方向前进。
Another possibility is URL-rewriting.
另一种可能性是URL重写。
Here is that other SO question: Conditionally Disable ASP.NET MVC Controller
这是其他问题:有条件地禁用ASP.NET MVC控制器
#2
0
<system.web>
<!-- anonymous usage -->
<authentication mode="None"></authentication>
<!-- Forms login -->
<!--<authentication mode="None">
<forms ... />
</authentication>-->
</system.web>
Is that what you're looking for? note this won't "disable" the AccountController, but will make it trivial since authentication would effectively be disabled. However, it's up to how to write the site in terms of showing a login/logout button or showing no credential handling on the page when permitted.
这就是你要找的东西吗?请注意,这不会“禁用”AccountController,但会使其变得微不足道,因为身份验证将被有效禁用。但是,如何在显示登录/注销按钮或在允许时在页面上显示没有凭证处理方面编写网站。
You could probably create an extension of the AuthorizeAttrbiute that checks Context.User.Identity.AuthenticationType and permits/denies access based on authentication mod supplied in web.config (then apply that attribute to the AccountController (and any other actions) you want to restrict when mode="None".
您可以创建AuthorizeAttrbiute的扩展,它检查Context.User.Identity.AuthenticationType并根据web.config中提供的身份验证mod允许/拒绝访问(然后将该属性应用于您要限制的AccountController(以及任何其他操作)当mode =“None”时。
#1
1
There is an existing * question concerning this topic in which a custom attribute value is applied to the controller, which reads a value from web.config and allows the controller to be used or 404s, which I am not sure is exactly what you are looking for, but it might lead you in the right direction.
有关于此主题的现有*问题,其中自定义属性值应用于控制器,该控制器从web.config读取值并允许使用控制器或404s,我不确定是否正是您正在查找的内容因为,但它可能会引导你朝着正确的方向前进。
Another possibility is URL-rewriting.
另一种可能性是URL重写。
Here is that other SO question: Conditionally Disable ASP.NET MVC Controller
这是其他问题:有条件地禁用ASP.NET MVC控制器
#2
0
<system.web>
<!-- anonymous usage -->
<authentication mode="None"></authentication>
<!-- Forms login -->
<!--<authentication mode="None">
<forms ... />
</authentication>-->
</system.web>
Is that what you're looking for? note this won't "disable" the AccountController, but will make it trivial since authentication would effectively be disabled. However, it's up to how to write the site in terms of showing a login/logout button or showing no credential handling on the page when permitted.
这就是你要找的东西吗?请注意,这不会“禁用”AccountController,但会使其变得微不足道,因为身份验证将被有效禁用。但是,如何在显示登录/注销按钮或在允许时在页面上显示没有凭证处理方面编写网站。
You could probably create an extension of the AuthorizeAttrbiute that checks Context.User.Identity.AuthenticationType and permits/denies access based on authentication mod supplied in web.config (then apply that attribute to the AccountController (and any other actions) you want to restrict when mode="None".
您可以创建AuthorizeAttrbiute的扩展,它检查Context.User.Identity.AuthenticationType并根据web.config中提供的身份验证mod允许/拒绝访问(然后将该属性应用于您要限制的AccountController(以及任何其他操作)当mode =“None”时。