现在我这样装饰一个方法,以允许“成员”访问我的控制器操作。
[Authorize(Roles="members")]
我如何允许多个角色访问?例如,以下代码不起作用,但它展示了我的意图(允许“成员”和“管理员”访问):
[Authorize(Roles="members", "admin")]
现在我这样装饰一个方法,以允许“成员”访问我的控制器操作。
[Authorize(Roles="members")]
我如何允许多个角色访问?例如,以下代码不起作用,但它展示了我的意图(允许“成员”和“管理员”访问):
[Authorize(Roles="members", "admin")]
另一种选项是使用一个授权过滤器,就像你发布的那样,但去掉内部引号。
[Authorize(Roles="members,admin")]
CustomRoles
类:public static class CustomRoles
{
public const string Administrator = "Administrador";
public const string User = "Usuario";
}
使用方法
[Authorize(Roles = CustomRoles.Administrator +","+ CustomRoles.User)]
如果你只有少量角色,或许可以将它们进行合并(以增加清晰度),方法如下:
public static class CustomRoles
{
public const string Administrator = "Administrador";
public const string User = "Usuario";
public const string AdministratorOrUser = Administrator + "," + User;
}
使用方法
[Authorize(Roles = CustomRoles.AdministratorOrUser)]
有一个可能的简化方式是通过子类化 AuthorizeAttribute
:
public class RolesAttribute : AuthorizeAttribute
{
public RolesAttribute(params string[] roles)
{
Roles = String.Join(",", roles);
}
}
使用方法:
[Roles("members", "admin")]
在语义上,它与Jim Schmehil的答案相同。
System.Web.Mvc.Controllers
中使用System.Web.Mvc.AuthorizeAttribute
,并在System.Web.Http.ApiController
(RESTful调用)中使用System.Web.Http.AuthorizeAttribute
。 - EfthymiosAuthorizeAttribute
,其中包含一个Enum
(UserRoles
)。[CustomAuthorize(UserRoles.Admin, UserRoles.User)]
public ActionResult ChangePassword()
{
return View();
}
我使用一个自定义的AuthorizeAttribute
,像这样:
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class CustomAuthorize : AuthorizeAttribute
{
private string[] UserProfilesRequired { get; set; }
public CustomAuthorize(params object[] userProfilesRequired)
{
if (userProfilesRequired.Any(p => p.GetType().BaseType != typeof(Enum)))
throw new ArgumentException("userProfilesRequired");
this.UserProfilesRequired = userProfilesRequired.Select(p => Enum.GetName(p.GetType(), p)).ToArray();
}
public override void OnAuthorization(AuthorizationContext context)
{
bool authorized = false;
foreach (var role in this.UserProfilesRequired)
if (HttpContext.Current.User.IsInRole(role))
{
authorized = true;
break;
}
if (!authorized)
{
var url = new UrlHelper(context.RequestContext);
var logonUrl = url.Action("Http", "Error", new { Id = 401, Area = "" });
context.Result = new RedirectResult(logonUrl);
return;
}
}
}
这是 Fabricio Martínez Tamayo 修改后的 FNHMVC 的一部分 https://github.com/fabriciomrtnz/FNHMVC/
您可以在Startup.cs中使用授权策略(Authorization Policy)
services.AddAuthorization(options =>
{
options.AddPolicy("admin", policy => policy.RequireRole("SuperAdmin","Admin"));
options.AddPolicy("teacher", policy => policy.RequireRole("SuperAdmin", "Admin", "Teacher"));
});
在控制器文件中:
[Authorize(Policy = "teacher")]
[HttpGet("stats/{id}")]
public async Task<IActionResult> getStudentStats(int id)
{ ... }
"教师"政策接受3个角色。
使用AspNetCore 2.x,您需要采取一些不同的方式:
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class AuthorizeRoleAttribute : AuthorizeAttribute
{
public AuthorizeRoleAttribute(params YourEnum[] roles)
{
Policy = string.Join(",", roles.Select(r => r.GetDescription()));
}
}
只需按照以下方式使用:
[Authorize(YourEnum.Role1, YourEnum.Role2)]
我混合了回答并提出了这种方法。
首先,我们为角色访问创建一个枚举。
public enum ERoleAccess
{
[Description("Admin User")]
Admin = 1,
[Description("General User")]
User = 2,
[Description("Editor User")]
Editor = 3,
}
public class RolesAttribute:AuthorizeAttribute
{
public RolesAttribute(params ERoleAccess[] roles)
{
Roles = string.Join(",", roles);
}
}
最后,我们可以在控制器或操作上使用“RolesAttribute”。
[Roles(ERoleAccess.Admin, ERoleAccess.Editor, ERoleAccess.User)]
在这种方法中,我们使用多个替代字符串值的编号。(1=管理员,2=用户,...)
这有助于减小令牌大小并提高比较性能。
另一个清晰的解决方案是,您可以使用常量来保持约定并添加多个 [Authorize] 属性。看一下这个:
public static class RolesConvention
{
public const string Administrator = "Administrator";
public const string Guest = "Guest";
}
[Authorize(Roles = RolesConvention.Administrator )]
[Authorize(Roles = RolesConvention.Guest)]
[Produces("application/json")]
[Route("api/[controller]")]
public class MyController : Controller
Authorize
属性使用 AND 语义,并要求满足所有条件(即用户必须同时具备管理员和访客角色)。 - trousyt通过添加子类AuthorizeRole.cs
改进代码
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
class AuthorizeRoleAttribute : AuthorizeAttribute
{
public AuthorizeRoleAttribute(params Rolenames[] roles)
{
this.Roles = string.Join(",", roles.Select(r => Enum.GetName(r.GetType(), r)));
}
protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAuthenticated)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary {
{ "action", "Unauthorized" },
{ "controller", "Home" },
{ "area", "" }
}
);
//base.HandleUnauthorizedRequest(filterContext);
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary {
{ "action", "Login" },
{ "controller", "Account" },
{ "area", "" },
{ "returnUrl", HttpContext.Current.Request.Url }
}
);
}
}
}
[AuthorizeRole(Rolenames.Admin,Rolenames.Member)]
public ActionResult Index()
{
return View();
}
using System.Web.Mvc;
public class AuthorizeAdminOrMember : AuthorizeAttribute
{
public AuthorizeAdminOrMember()
{
Roles = "members, admin";
}
}
然后将您的新授权应用于操作。我认为这看起来更清晰,阅读起来更容易。
public class MyController : Controller
{
[AuthorizeAdminOrMember]
public ActionResult MyAction()
{
return null;
}
}