我已经阅读了数百篇关于ASP.NET MVC授权属性的文章,我认为我很难实现它。我在ASP.NET身份中设置了一个类,如下所示:
public class UserDetails : IdentityUser
{
public virtual MembershipSerial MembershipSerial { get; set; }
}
public class MembershipSerial
{
[HiddenInput(DisplayValue=false)]
public int Id { get; set; }
[HiddenInput(DisplayValue=false)]
public string Serial { get; set; }
[Required]
[Display(Name="Membership Serial")]
public string SerialConfirmed { get; set; }
}
public class MyDbContext : IdentityDbContext<UserDetails>
{
public MyDbContext()
: base ("EFDbContext")
{
}
public System.Data.Entity.DbSet<MembershipSerial> MembershipSerial { get; set; }
}
我想通过授权属性实现类似下面的内容:
[AuthorizeUser(AccessLevels="Has a valid serial key and can place an order")]
public ActionResult PlaceOrder(int ProductID)
{
// some code...
return View();
}
[AuthorizeUser(AccessLevels="Has a valid login and can add items to cart")]
public ActionResult AddToCart(int ProductID)
{
// some code...
return View();
}
[AuthorizeUser(AccessLevels="Has no login and valid serialkey, anonymous ")]
public ActionResult Anonymous(int ProductID)
{
// some code...
return View();
}
注意:系统管理员添加属性Serial,用户将添加属性SerialConfirmed。属性SerialConfirmed应该与后端的Serial进行比较,如果结果好的话应该返回true,否则为false。
这可能吗?怎么样?