由网友([ 落笔映惆怅 ])分享简介:我很感兴趣,知道什么是MVC中使用基于角色的安全最佳做法:如何保护自己的行为,使他们通过特定的角色只能访问?I'm interested in knowing what are the best practices for using role based security in MVC: how to secu...
我很感兴趣,知道什么是MVC中使用基于角色的安全最佳做法: 如何保护自己的行为,使他们通过特定的角色只能访问?
I'm interested in knowing what are the best practices for using role based security in MVC: how to secure your actions and make them accessible by specific roles only?
推荐答案
如果你设置你的ASP.Net成员资格提供正确,你可以很容易地使用[授权] -attribute指定访问不同的角色或用户。
If you setup your ASP.Net membership provider correctly, you can easily use the [Authorize]-attribute to specify access for different roles or users.
要要求用户登录,使用:
To require users to login, use:
[Authorize]
public class SomeController : Controller
// Or
[Authorize]
public ActionResult SomeAction()
要限制访问特定角色,使用:
To restrict access for specific roles, use:
[Authorize(Roles = "Admin, User")]
public class SomeController : Controller
// Or
[Authorize(Roles = "Admin, User")]
public ActionResult SomeAction()
和限制特定用户的访问,使用:
And to restrict access for specific users, use:
[Authorize(Users = "Charles, Linus")]
public class SomeController : Controller
// Or
[Authorize(Users = "Charles, Linus")]
public ActionResult SomeAction()
相关推荐
最新文章