Role-based security in ASP.NET MVC

Time: 2021-10-26 03:15:59

I'm interested in knowing what are the best practices for using role based security in MVC:
how to secure your actions and make them accessible by specific roles only?

1 solution

#1


23  

If you set up your ASP.NET membership provider correctly, you can easily use the [Authorize] attribute to specify access for different roles or users.

To require users to log in, use:

[Authorize]
public class SomeController : Controller

// Or
[Authorize]
public ActionResult SomeAction()

To restrict access for specific roles, use:

[Authorize(Roles = "Admin, User")]
public class SomeController : Controller

// Or
[Authorize(Roles = "Admin, User")]
public ActionResult SomeAction()

And to restrict access for specific users, use:

[Authorize(Users = "Charles, Linus")]
public class SomeController : Controller

// Or
[Authorize(Users = "Charles, Linus")]
public ActionResult SomeAction()
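
The attributes above combined into a deny-by-default setup, as an added example that is not part of the original answer. It assumes ASP.NET MVC 4 or later (where [AllowAnonymous] is available); `FilterConfig` follows the MVC project template, and `RoleAuthorizeAttribute`, the controllers and the "Auditor" role are hypothetical names.

```csharp
using System.Web.Mvc;

// Added example. FilterConfig follows the MVC project template; the other
// class names and the "Auditor" role are hypothetical.
public static class FilterConfig
{
    // Call from Application_Start with GlobalFilters.Filters.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // Deny by default: every action needs an authenticated user
        // unless it is explicitly marked [AllowAnonymous].
        filters.Add(new RoleAuthorizeAttribute());
    }
}

// Signed-in users who lack the role get 403 rather than a login redirect.
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext); // 401, anonymous caller
    }
}

public class AccountController : Controller
{
    [AllowAnonymous] // the login page must stay reachable
    public ActionResult Login() { return View(); }
}

// Comma-separated roles are OR: a member of Admin or of User may enter.
[RoleAuthorize(Roles = "Admin, User")]
public class ReportsController : Controller
{
    public ActionResult Index() { return View(); }

    // Stacked attributes are AND: the caller must hold both roles here,
    // in addition to passing the controller-level check.
    [RoleAuthorize(Roles = "Admin")]
    [RoleAuthorize(Roles = "Auditor")]
    [HttpPost]
    public ActionResult Delete(int id) { return RedirectToAction("Index"); }
}
```

With the global filter in place, a newly added controller is protected even when nobody remembers to annotate it; only actions marked [AllowAnonymous] are public.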
