问题
I have developed the asp.net mvc + C# application. it has 2 users as Super admin, Admin and User. I want to manage the functionality as per their roles. I am managing the data in sql server database .How to manage this in asp.net mvc ? where shuold i have to write the code for this management ?
回答1:
Well, I can think of two options.
You can use asp.Net's default sqlMembershipProvider and sqlRoleProvider to authenticate and authorize your users. If you do so you have to incorporate its database with yours. In this case you only have to write:
[Authorize(Role="Administrator")]
public ActionResult myAction(){}
The authorize attribute will only allow administrators to enter myAction actionresult. (Check to see if there is administrator role in asp.net membership and role database - there are almost half dozen roles there but I have not used them).
The second option is to use your own database for storing role information and writing your own authorize attributes and decorating your actionresults with them.
this question will help you understand how you can inherit from AuthorizeAttribute to write your custom authorization logic.
来源:https://stackoverflow.com/questions/3896028/application-role-management-in-asp-net-mvc-how