我知道有很多关于该主题的讨论,但我仍然无法做到正确(因为我是MVC的初学者)。我想从数据库中检查每个用户的权限(编辑/删除/更新)。以下是我的数据库结构,以便更好地了解此方案:User_MenuRole Table和User_MenuDetails 我想为特定用户分配CRUD的权限。例如,经理“Foo”可以创建,更新但不能删除采购订单。
目前我正在使用Owin / Identity进行登录和验证用户。这是代码:
public ActionResult Login(string username, string password)
{
var user = new UserManager().IsValid(username, password);
if (user!=null)
{
var ident = new ClaimsIdentity(
new[] {
// adding following 2 claim just for supporting default antiforgery provider
new Claim(ClaimTypes.NameIdentifier, username),
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", "http://www.w3.org/2001/XMLSchema#string"),
new Claim(ClaimTypes.Name,username),
new Claim(ClaimTypes.Sid,user.UserId.ToString()),
// optionally you could add roles if any
new Claim(ClaimTypes.Role,user.OperationType),
//new Claim(ClaimTypes.Role, "User"),
},
DefaultAuthenticationTypes.ApplicationCookie);
var claimsPrincipal = new ClaimsPrincipal(ident);
// Set current principal
Thread.CurrentPrincipal = claimsPrincipal;
HttpContext.GetOwinContext().Authentication.SignIn(
new AuthenticationProperties { IsPersistent = false }, ident);
UserManager userManager=new UserManager();
userManager.GetUserMenu();
return RedirectToAction("Index","Home"); // auth succeed
}
// invalid username or password
ModelState.AddModelError("", "invalid username or password");
return View();
}
的HomeController
[Authorize(Roles = "Manager, Admin")]
public ActionResult Index()
{
//Some code
return View();
}
AuthorizeAttribute可以使用此现有数据库解决此问题吗?如果是,那么如何?任何建议或代码都很明显。谢谢你提前......