MVC3 - UserId的身份验证

时间:2012-06-27 23:00:10

标签: c# sql asp.net-mvc-3 membership

要清楚: 我有两组用户 - GroupA - User1,User2 GroupB - User3,User4 A组执行TaskA并创建TaskA对象 B组执行TaskB并创建TaskB对象 基于角色阻止GroupA编辑TaskB对象,反之亦然

ISSUE - User1仍然可以编辑User2的TaskA对象

我已将SqlMembership集成到我的自定义数据库中,在我的自定义表中,我有一个UserId字段,该字段映射到AspNet_User表中的GUID AspNet_UserId列。用户可以创建作业,并且它与用户的AspNet_UserId相关联。

我的问题是我有基于角色的安全性,但我也必须设置安全性,因此只有具有UserId的用户才能访问包含其UserId的模型数据的编辑视图。

我看过这篇文章 - ASP.NET MVC 3 using Authentication

(但29个upvotes的答案的第一部分似乎不完整)

1 个答案:

答案 0 :(得分:1)

解决方案 -

我还没有实现这个,但从我看到的这就是我要找的东西。我在这里找到了它:http://forums.asp.net/t/1771733.aspx/1?Display+a+specific+data+for+User

这有望让我免于看WIF ......

(保持手指交叉)

员工控制员:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;

namespace UserDetails.Controllers
{
public class HomeController : Controller
{
    private readonly List<Employee> m_employees;

    public HomeController()
    {
        m_employees = new List<Employee>
                          {
                              new Employee
                                  {
                                      Id =  Guid.Parse("3aebbf53-3581-4822-bef4-c9701d927b93"),
                                      JobTitle = "Senior Developer",
                                      Manager = "Mr. Smith",
                                      Salary = 1500
                                  },

                                new Employee
                                    {
                                        Id= Guid.Parse("{3924afa7-d31b-4d30-b368-f825d4028779}"),
                                        JobTitle = "Lead Developer",
                                        Manager= "Mr. Doe",
                                        Salary = 2500
                                    }
                          };
    }

    public ActionResult Index()
    {
        if (User.Identity.IsAuthenticated)
        {
            MembershipUser currentUser = Membership.GetUser(User.Identity.Name, true /* userIsOnline */);

            if (currentUser != null && currentUser.ProviderUserKey != null && currentUser.IsApproved)
            {
                var currentUserId = (Guid)currentUser.ProviderUserKey;

                Employee result = (from employee in m_employees
                                   where employee.Id == currentUserId
                                   select employee).FirstOrDefault();

                return View(result);
            }
        }

        return View();
    }

    public ActionResult About()
    {
        return View();
    }
}

public class Employee
{
    public Guid Id { get; set; }
    public string JobTitle { get; set; }
    public string Manager { get; set; }
    public int Salary { get; set; }
}
}

索引视图

@{
    ViewBag.Title = "Home Page";
}

@model UserDetails.Controllers.Employee

<p>

@if (Model != null && User.Identity.IsAuthenticated)
{
    <label>Your name is: </label>@User.Identity.Name <br/>
    <label>Your Job Title is: </label>@Model.JobTitle<br/>
    <label>Your Manager is: </label>@Model.Manager<br/>
    <label>And you earn way too less money: &euro;</label> @Model.Salary
}