问题
I'm new in asp and I created a login page for my web project but and I set authentication but I can not set authorization for my project! I saw many links like this Authentication and Authorization in ASP.NET Web API but couldn't implementation those on my own project, I don't know where I must to start?! thank you for your help!
this is my controller:
public class AuthenticationController : Controller
{
private modelLayOut mLO = new modelLayOut();
public bool existBool = false;
// GET: Authentication
public ActionResult Index()
{
return View();
}
public ActionResult applicantAuthentication()
{
return View("ApplicantAuthentication");
}
public ActionResult applicantIsExist()
{
return View("applicantIsExist");
}
public ActionResult applicantPassIsWrong()
{
return View("applicantPassIsWrong");
}
public ActionResult applicantNotExist()
{
return View("applicantNotExist");
}
[HttpPost]
public ActionResult applicantCreate(string Username, string Password, string RepeatPassword)
{
if (mLO.applicantExistCheck(Username))
{
return View("applicantIsExist");
}
else
{
mLO.insertNewApplicant(Username, Password);
return View("ApplicantAuthentication");
}
}
[HttpPost]
public ActionResult applicantAccess(string Username, string Password)
{
if (mLO.applicantAccess(Username, Password))
{
return RedirectToAction("Home", "Home");
}
else
{
if (mLO.applicantExistCheck(Username))
{
return View("applicantPassIsWrong");
}
else
{
return View("applicantNotExist");
}
}
}
//agency part
public ActionResult agencyAuthentication()
{
return View("AgencyAuthentication");
}
public ActionResult agencyPassIsWrong()
{
return View("agencyPassIsWrong");
}
public ActionResult agencyNotExist()
{
return View("agencyNotExist");
}
[HttpPost]
public ActionResult agencyAccess(string Username, string Password)
{
if (mLO.agencyAccess(Username, Password))
{
return RedirectToAction("Home", "Home");
}
else
{
if (mLO.agencyExistCheck(Username))
{
return View("agencyPassIsWrong");
}
else
{
return View("agencyNotExist");
}
}
}
//webAdmin
public ActionResult webAdminAuthentication()
{
return View("WebAdminAuthentication");
}
public ActionResult webAdminAccessWrong()
{
return View("webAdminAccessWrong");
}
[HttpPost]
public ActionResult webAdminAccess(string Username, string Password)
{
if (mLO.webAdminAccess(Username, Password))
{
Session["Username"] = Username;
return RedirectToAction("webAdminPage", "Admin");
}
else
{
return View("webAdminAccessWrong");
}
}
回答1:
You need to fully understand ASP.NET 5 Identity model (Check here and here). Then you should implement that with any changes suits to your project. One of the most important things about ASP.NET 5 Identity is its simplicity and flexibility to use with different user types and accessibility with just using annotations for methods. If you have previous experience with SQL Membership, check here to find out how to Migrating from SQL Membership to ASP.NET Identity. Or if you have previous experience with ASP.NET Membership, check here to find out how to Migrate from ASP.NET Membership to ASP.NET Identity.
About your question on how say: "welcome PERSON NAME" ?, after implementation ASP.NET 5 Identity, you just need to have
System.Web.HttpContext.Current.User.Identity.Name
in where ever you need!.
回答2:
If you want authorization on your whole controller, just set the Authorize attribute on your controller:
[Authorize]
public class AuthenticationController : Controller
{
}
If you want authorization on a sigle action:
public class AuthenticationController : Controller
{
[Authorize]
public ActionResult Index()
{
ViewBag.Message = "Welcome, " + HttpContext.User.Identity.Name;
}
}
EDIT: Only authenticated users will be able to navigate through authorized methods or controllers
来源:https://stackoverflow.com/questions/38128219/how-authorization-aspmvc-project-from-controller