使用ASP.net Identity禁用基于角色授权的MVC视图中的输入字段



我已经在MVC应用程序中重写了AuthorizeAttribute类,用于基于角色的授权。

[HttpPOST]    
[CustomAuthorize(Roles = "AddCOA")]
public ActionResult Edit([Bind(Include = "N100,S104,S103,S101,S1,S100,D1")] TrM trM)
{
    if (ModelState.IsValid)
    {
        db.Entry(trM).State = EntityState.Modified;
        db.SaveChanges();
        return RedirectToAction("View",trM);
    }
    return View(trM);
}

我从视图使用凭证列表调用这个控制器方法。现在我必须禁用编辑ActionLink按钮在视图中的某个角色,我怎么能实现这一点?

@Html.Actionlink("Edit", "Edit", "Controller", new{@class = "btn btn-success"})

现在它会自动重定向到登录页面

可以使用razor检查当前用户是否在指定的角色中:

@if (User.IsInRole("AddCOA"))
{
    @Html.Actionlink("Edit", "Edit", "Controller", new { @class = "btn btn-success" })
}
else
{
    @Html.Actionlink("Edit", "Edit", "Controller", new { @class = "btn btn-success disbled" })
}

方式一:

你可以在服务器端使用自定义的ActionLink扩展来处理它,该扩展检查是否显示编辑链接到基于角色的用户:

public static class LinkExtensions
{
   public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(), new RouteValueDictionary());
    }
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary());
    }
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(), new RouteValueDictionary());
    }
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, new RouteValueDictionary());
    }
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues, object htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes));
    }
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, htmlAttributes);
    }
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes));
    }
   public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
   {
       if (UserInRole())   // your business logic here for role check
       {
          return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
       }
       return MvcHtmlString.Empty;
   }
}

并在View中使用:

@Html.ActionLinkAuthorized("Edit", "Edit", "Controller", new{@class = "btn btn-success"})

方式2:

您可以修改自定义属性代码以重定向到显示用户未经授权查看该页的页面:

public class AuthorizationAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string actionName = filterContext.ActionDescriptor.ActionName;
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

            if (!AllowedToAccess()) // if not in specific role show page with message that user is unauthorized to view this page
            {
                string redirectUrl = string.Format("?returnUrl={0}", filterContext.HttpContext.Request.Url.PathAndQuery);
                filterContext.HttpContext.Response.Redirect(FormsAuthentication.LoginUrl + redirectUrl, true);
            }
            else
            {
                base.OnActionExecuting(filterContext); if authorized user allow it to view
            }
        }

和在Web。配置url,当用户不在角色中时调用该操作:

<authentication mode="Forms">
      <forms loginUrl="~/UnAuthorized" timeout="2880" />
</authentication>

相关内容

  • 没有找到相关文章

最新更新