MVC3 - Authentication by UserId



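Clarification needed: I have two groups of users:
Group A - User1, User2
Group B - User3, User4
Group A performs TaskA and creates TaskA objects.
Group B performs TaskB and creates TaskB objects.
Role-based security prevents GroupA from editing TaskB objects, and vice versa.

ISSUE - User1 can still edit User2's TaskA objects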

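I have integrated SqlMembership into my custom database, and in my custom tables I have a UserId field that maps to the GUID AspNet_UserId column in the AspNet_User table. Users can create jobs, and each job is associated with the user's AspNet_UserId.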

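My problem is that I have role-based security, but I also have to set up security so that only the user with the UserId can access the edit view containing the model data for their UserId.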

I have looked at this post - ASP.NET MVC 3 using Authentication

(but the first part of the answer, which has 29 upvotes, seems incomplete)

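Solution -

I haven't implemented this yet, but from what I can see this is what I want. I found it here: http://forums.asp.net/t/1771733.aspx/1?Display+a+特定+数据+针对+用户

This will hopefully save me from having to look at WIF

(fingers crossed)

Employee controller: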

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;
namespace UserDetails.Controllers
{
public class HomeController : Controller
{
    private readonly List<Employee> m_employees;
    public HomeController()
    {
        m_employees = new List<Employee>
                          {
                              new Employee
                                  {
                                      Id =  Guid.Parse("3aebbf53-3581-4822-bef4-c9701d927b93"),
                                      JobTitle = "Senior Developer",
                                      Manager = "Mr. Smith",
                                      Salary = 1500
                                  },
                                  
                                new Employee
                                    {
                                        Id= Guid.Parse("{3924afa7-d31b-4d30-b368-f825d4028779}"),
                                        JobTitle = "Lead Developer",
                                        Manager= "Mr. Doe",
                                        Salary = 2500
                                    }
                          };
    }
    public ActionResult Index()
    {
        if (User.Identity.IsAuthenticated)
        {
            MembershipUser currentUser = Membership.GetUser(User.Identity.Name, true /* userIsOnline */);
            
            if (currentUser != null && currentUser.ProviderUserKey != null && currentUser.IsApproved)
            {
                var currentUserId = (Guid)currentUser.ProviderUserKey;
                Employee result = (from employee in m_employees
                                   where employee.Id == currentUserId
                                   select employee).FirstOrDefault();
                return View(result);
            }
        }
        return View();
    }
    public ActionResult About()
    {
        return View();
    }
}
public class Employee
{
    public Guid Id { get; set; }
    public string JobTitle { get; set; }
    public string Manager { get; set; }
    public int Salary { get; set; }
}
}

Index view

@{
    ViewBag.Title = "Home Page";
}
@model UserDetails.Controllers.Employee
       
<p>
@if (Model != null && User.Identity.IsAuthenticated)
{
    <label>Your name is: </label>@User.Identity.Name <br/>
    <label>Your Job Title is: </label>@Model.JobTitle<br/>
    <label>Your Manager is: </label>@Model.Manager<br/>
    <label>And you earn way too less money: &euro;</label> @Model.Salary
}
</p>
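
The per-object ownership check the question asks for, as an added example (not code from the original post or the linked forum thread): both Edit actions reuse the post's ProviderUserKey lookup and refuse any job whose UserId is not the current user's. The Job class, JobController, the in-memory list and the "GroupA" role name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;
namespace UserDetails.Controllers
{
    // Hypothetical model: UserId holds the owner's membership GUID (ProviderUserKey).
    public class Job
    {
        public int Id { get; set; }
        public Guid UserId { get; set; }
        public string Title { get; set; }
    }
    [Authorize(Roles = "GroupA")] // role gate only; ownership is checked per object below
    public class JobController : Controller
    {
        // Constructed in-memory data standing in for the custom jobs table.
        private static readonly List<Job> Jobs = new List<Job>
        {
            new Job { Id = 1, UserId = Guid.Parse("3aebbf53-3581-4822-bef4-c9701d927b93"), Title = "TaskA 1" },
            new Job { Id = 2, UserId = Guid.Parse("3924afa7-d31b-4d30-b368-f825d4028779"), Title = "TaskA 2" }
        };

        // Returns the job only when it belongs to the logged-in user; null for "missing" and "not yours" alike.
        private Job FindOwnedJob(int id)
        {
            MembershipUser user = Membership.GetUser(User.Identity.Name, false /* userIsOnline */);
            if (user == null || user.ProviderUserKey == null || !user.IsApproved) return null;
            var userId = (Guid)user.ProviderUserKey;
            return Jobs.FirstOrDefault(j => j.Id == id && j.UserId == userId);
        }

        public ActionResult Edit(int id)
        {
            Job job = FindOwnedJob(id);
            return job == null ? (ActionResult)HttpNotFound() : View(job);
        }

        [HttpPost, ValidateAntiForgeryToken] // the Edit view must emit @Html.AntiForgeryToken()
        public ActionResult Edit(int id, string title)
        {
            Job job = FindOwnedJob(id); // re-check on POST; the owner is never read from the form
            if (job == null) return HttpNotFound();
            job.Title = title;
            return RedirectToAction("Edit", new { id });
        }
    }
}
```

With a real database the same filter belongs in the query itself (job id AND owner UserId), so another user's row is never loaded.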
