How could I use my own database table for MVC 4 user control (and authorizing with boolean fields in role table)?

人盡茶涼 submitted on 2019-12-10 12:06:53

Question


Hello guys, I have been searching for answers for a few days and have read a couple of posts already, but I am still quite confused.

I am using a user table with fields including First Name, Last Name, Email, Password, RoleID and other stuff like phone numbers etc.

Also, I have a "role table" which has a field standing for "Role Name" as a string and a few other fields of Boolean type standing for different accesses, such as "AccessToAlterItemInformation": a user whose role has (AccessToAlterItemInformation == True) will be granted access to the Item Editing page. There are a few questions I want to ask about this topic:

  1. Code like:

    [Authorize(Roles="admin")]

was used for authorizing in several posts I saw, but I want to do something more like

    [Authorize(user.role.AccessToAlterItemInformation == true)] //I know this is not right but something similar

OR:

    if (User.Roles.AccessToAlterItemInformation == true)
    {
        //Do something as Access granted
    }

How could I achieve this? (Or some other approach which at least achieves something similar, so I can make a website that authorizes according to different accesses.)

  2. With the requirements described in the first question above, I have to implement the member/user system in an MVC 4 Web Application with Razor, using the already created User Table and Role Table. How could I achieve that? I want to use as much as possible of whatever is already there (asp.net, simplemembership etc.) and make as few changes as possible, because I really have only a little time left for this project. Please help me! Thanks in advance!

And sorry for my poor English


Answer 1:


You will have to define a custom Authorize attribute to do this.

[Authorize(user.role.AccessToAlterItemInformation == true)]

It should be changed to something like this.

[Authorize(Permissions = Access.EditItemInformation)]

Here Access is a flags enum and Permissions is a member variable (of type Access) in the custom Authorize attribute class you define.

You will also have to define the flags enum itself:

[Flags]
public enum Access: ulong
{
    CreateItemInformation = 0x00000002,
    EditItemInformation = 0x00000004,
    DeleteItemInformation = 0x00000008,
}

By using flags you will be able to give more than one flag as permissions:

[Authorize(Permissions = Access.EditItemInformation | Access.CreateItemInformation)]

Within the overridden AuthorizeCore method, you'll check whether the Permissions member variable has the different types of Access flags, and return true if authorized and false if not. This is how you check whether a given Access flag is in the Permissions variable:

Permissions.HasFlag(Access.EditItemInformation);

This is how you'd implement a custom authorize attribute

ASP.NET MVC 4 Custom Authorize Attribute with Permission Codes (without roles)

Values of enum flags should be powers of 2. Please take a look at these articles to understand flags.

http://www.codeproject.com/Articles/13740/The-Beginner-s-Guide-to-Using-Enum-Flags

http://forums.asp.net/t/1917822.aspx/1?+use+of+Enum+with+flags+in+practicle+

Hope that helps



Source: https://stackoverflow.com/questions/17851606/how-could-i-use-my-own-database-table-for-mvc-4-user-control-and-authorizing-wi
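
One way to write the custom attribute the answer above describes, added here as an example (it is not code from the original answer). `PermissionAuthorizeAttribute`, `Role`, `IRoleStore`, `ItemController` and the `None` member are hypothetical names, and the example assumes that every requested flag must be granted and that an `IRoleStore` is registered with the application's dependency resolver.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

[Flags]
public enum Access : ulong
{
    None = 0,
    CreateItemInformation = 0x2,
    EditItemInformation = 0x4,
    DeleteItemInformation = 0x8,
}

// Hypothetical shape of one row of the question's role table.
public class Role
{
    public bool AccessToAlterItemInformation { get; set; }
}

// Hypothetical lookup over the existing user and role tables; returns null for an unknown user.
public interface IRoleStore { Role FindRoleByUserName(string userName); }

public class PermissionAuthorizeAttribute : AuthorizeAttribute
{
    public Access Permissions { get; set; }

    // MVC may cache and reuse attribute instances, so keep no per-request state in fields.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!base.AuthorizeCore(httpContext)) return false;   // anonymous users stop here
        // HasFlag(None) is always true, so an attribute with no Permissions set must deny.
        if (Permissions == Access.None) return false;

        // Assumption: an IRoleStore is registered with the application's dependency resolver.
        var store = DependencyResolver.Current.GetService<IRoleStore>();
        var role = store == null ? null : store.FindRoleByUserName(httpContext.User.Identity.Name);
        if (role == null) return false;                        // no role row: deny

        // Map each boolean column of the role table onto its flag.
        var granted = Access.None;
        if (role.AccessToAlterItemInformation) granted |= Access.EditItemInformation;

        return granted.HasFlag(Permissions);                   // every requested flag is required
    }
}

public class ItemController : Controller
{
    [PermissionAuthorize(Permissions = Access.EditItemInformation)]
    public ActionResult Edit(int id) { return View(); }
}
```

Because the check runs on the server for every request to the action, hiding the edit link in a Razor view is only cosmetic; the attribute is what enforces the permission.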
