小贝子编程

使用身份验证创建不同的访问级别



我创建了一个具有安全访问级别的enum,示例:

public enum AccessLevel
{
    Total,
    DeletionPrivileges,
    MaintainUsers,
    MaintainInventory,
    QueriesOnly,
    None
}

我可以管理网站的某些功能,例如删除,不呈现给没有删除权限的人。但我也想在代码中使用某种授权。

在默认框架中,有防止使用[Authorize]访问项目的某些区域的设施,我如何创建不同级别的权限来标记每个方法?

您可以使用Identity的基于声明的身份验证特性来轻松实现此目的。首先,您需要在登录操作方法中添加适当的"每个用户声明"来完成此操作,将您的登录操作方法更改为:

[HttpPost]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        var userManager=HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
        var user = userManager.Find(model.UserName, model.Password);
        if (user != null)
        {
            var ident = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
            // imaging you have a custom class which return user access levels 
            var userAccessLevels=_accessLevelManager.GetAccessLevels(user.Id);
            // now we are going to add our custom claims 
            ident.AddClaims(new[]
            {
                // add each access level as a separate claim 
                new Claim("AccessLevel",userAccessLevels[0].ToString()),
                new Claim("AccessLevel",userAccessLevels[1].ToString()),
                // and so on
            });
            HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, ident);
            // authentication succeed do what you want 
            return Redirect(login.ReturnUrl ?? Url.Action("Index", "Home"));
        }
    }
    ModelState.AddModelError("", "Invalid username or password");
    return View(login);
}

现在我们已经成功地将声明注入Identity。但是您需要一个自定义的authorize属性来检查声明,如下所示:

public class ClaimsAccessAttribute : AuthorizeAttribute 
{
    public string ClaimType { get; set; }
    public string Value { get; set; }
    protected override bool AuthorizeCore(HttpContextBase context) 
    {
         return context.User.Identity.IsAuthenticated
             && context.User.Identity is ClaimsIdentity
             && ((ClaimsIdentity)context.User.Identity).HasClaim(x =>
                 x.Type == ClaimType && x.Value == Value);
    }
}

现在你可以很容易地在你的动作方法中使用你的属性:

[ClaimsAccess(CliamType="AccessLevel",Value="DeletionPrivileges")]
public ActionResult MyAction()
{
    // also you have access the authenticated user's claims 
    // simply by casting User.Identity to ClaimsIdentity
    // ((ClaimsIdentity)User.Identity).Claims
}

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium