说明一下:我有两组用户——GroupA(User1、User2)和 GroupB(User3、User4)。A组执行TaskA并创建TaskA对象,B组执行TaskB并创建TaskB对象。通过角色阻止GroupA编辑TaskB对象,反之亦然。
ISSUE - User1仍然可以编辑User2的TaskA对象
我已将SqlMembership集成到我的自定义数据库中,在我的自定义表中,我有一个UserId字段,该字段映射到AspNet_User表中的GUID AspNet_UserId列。用户可以创建作业,并且它与用户的AspNet_UserId相关联。
我的问题是:我已经有基于角色的安全性,但还必须在记录级别设置访问控制,使得只有 UserId 与模型数据中的 UserId 相同的用户才能访问该数据的编辑视图。
我看过这篇文章 - ASP.NET MVC 3 using Authentication
(但29个upvotes的答案的第一部分似乎不完整)
答案 0 :(得分:1)
我还没有实现这个,但从我看到的内容来看,这就是我要找的东西。其要点是:记录是按当前登录用户的 ProviderUserKey 查出来的,而不是按请求中传入的 Id。我在这里找到了它:http://forums.asp.net/t/1771733.aspx/1?Display+a+specific+data+for+User
员工控制器:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;
namespace UserDetails.Controllers
{
/// <summary>
/// Demo controller that shows the signed-in user only the employee record
/// whose <c>Id</c> equals that user's membership key.
/// </summary>
/// <remarks>
/// The record is selected with an identifier read from the membership store
/// on the server. <see cref="Index"/> takes no parameters, so the caller has
/// no way to name another user's record. Role membership is not consulted
/// here; the restriction is per record, not per role.
/// NOTE(review): an Edit action built on this pattern would need the same
/// ownership comparison in both its GET and its POST handler.
/// </remarks>
public class HomeController : Controller
{
    // In-memory sample data. Each Id is compared against a membership
    // ProviderUserKey in Index().
    private readonly List<Employee> _employees;

    /// <summary>
    /// Fills the sample employee list with two hard-coded records.
    /// </summary>
    public HomeController()
    {
        var seniorDeveloper = new Employee
        {
            Id = Guid.Parse("3aebbf53-3581-4822-bef4-c9701d927b93"),
            JobTitle = "Senior Developer",
            Manager = "Mr. Smith",
            Salary = 1500
        };

        var leadDeveloper = new Employee
        {
            Id = Guid.Parse("{3924afa7-d31b-4d30-b368-f825d4028779}"),
            JobTitle = "Lead Developer",
            Manager = "Mr. Doe",
            Salary = 2500
        };

        _employees = new List<Employee> { seniorDeveloper, leadDeveloper };
    }

    /// <summary>
    /// Renders the index view with the current user's own employee record.
    /// </summary>
    /// <returns>
    /// The view with the matching <see cref="Employee"/> as model (null when
    /// no record has the user's key), or the view without a model when the
    /// request is unauthenticated or the membership user is missing, has no
    /// provider key, or is not approved.
    /// </returns>
    public ActionResult Index()
    {
        if (!User.Identity.IsAuthenticated)
        {
            return View();
        }

        // Passing true for userIsOnline also refreshes the user's last-activity timestamp.
        MembershipUser member = Membership.GetUser(User.Identity.Name, true /* userIsOnline */);
        if (member == null || member.ProviderUserKey == null || !member.IsApproved)
        {
            return View();
        }

        // The lookup key is the membership key of the authenticated user,
        // not a value supplied with the request.
        // assumes the provider key is a Guid; the cast throws otherwise
        var ownerId = (Guid)member.ProviderUserKey;
        Employee ownRecord = _employees.FirstOrDefault(candidate => candidate.Id == ownerId);
        return View(ownRecord);
    }

    /// <summary>
    /// Renders the About view. No model is passed.
    /// </summary>
    public ActionResult About()
    {
        return View();
    }
}
/// <summary>
/// Employee record shown to its owner by the index view.
/// </summary>
public class Employee
{
    /// <summary>
    /// Record key. The controller compares it with the signed-in user's
    /// membership ProviderUserKey to decide which record to show.
    /// </summary>
    public Guid Id { get; set; }

    /// <summary>Job title of the employee.</summary>
    public string JobTitle { get; set; }

    /// <summary>Name of the employee's manager.</summary>
    public string Manager { get; set; }

    /// <summary>
    /// Salary figure. This is personal data, so it should reach only the
    /// record's owner.
    /// </summary>
    public int Salary { get; set; }
}
}
索引视图
@* Index view for the signed-in user's own Employee record.
   The view does no lookup of its own and renders whatever model the
   controller passed, so access control rests entirely on the controller action.
   Values written with @ expressions are HTML-encoded by Razor. *@
@{
ViewBag.Title = "Home Page";
}
@model UserDetails.Controllers.Employee
<p>
@* Model is null when the controller called View() without a model or found
   no matching record, so the details are rendered only when both checks pass. *@
@if (Model != null && User.Identity.IsAuthenticated)
{
<label>Your name is: </label>@User.Identity.Name <br/>
<label>Your Job Title is: </label>@Model.JobTitle<br/>
<label>Your Manager is: </label>@Model.Manager<br/>
<label>And you earn way too less money: €</label> @Model.Salary
}