ASP.NET Identity - Simplified
Existing database model (simplified):
- 1 User can be joined to 1 or many AccessGroups.
- 1 AccessGroup can have 1 or many AccessItens.
When an identity is created it may be assigned one or more claims issued by a trusted party. A claim is a name value pair that represents what the subject is, not what the subject can do.
It does not seem like a good idea to store AccessItems as UserClaims,
e.g:
- UserClaims -> Name = CanDeleteSale; Value = True
But on the other hand I can't think another way to do that.
After search a lot, I can't think how to represent this model using roles or claims in ASP.NET Identity.
Why?
Admin users can customize AccessGroups, then use declarative roles does not fits in this case.
I can only trust in AccessItens because they are fixed Id's like enums, so I would like to use declarative auth with this using enums.
I need to store all user AccessItems after user login and use it for auth actions latter, using declarative way.
ASP.NET Identity seems beautifull to me, I'm trying to understand it better now.
Sorry if I could't express my question in a clear way, please, tell me about any doubt.
1 个答案:
答案 0 :(得分:2)
我认为你走在正确的轨道上。我有很多代表这样的用户角色的经验,而我个人的偏好(我主要处理大型企业项目)是使用ASP.NET身份进行身份验证并使用自定义代码处理访问控制。
对于较小的项目,我相信您可以像我在下面所做的那样自定义IsUserInRole方法。
public class CustomRoleProvider : RoleProvider
{
/// <summary>
/// Gets a list of roles assigned to a particular User
/// </summary>
/// <param name="UserID">ID of the User</param>
/// <param name="context">DbContext</param>
/// <returns></returns>
public static List<string> GetUserRoles(int UserID, UserContext context)
{
return context.UserList
.Where(s => s.UserID == UserID)
.SelectMany(s => s.AccessGroup.GroupRoles)
.Select(gr => gr.RoleID.ToString()).ToList();
}
/// <summary>
/// Gets a list of roles assigned to a particular user
/// </summary>
/// <param name="username">username of the user [or "" for current user]</param>
/// <param name="context">DbContext</param>
/// <returns></returns>
public static List<string> GetUserRoles(string username, UserContext context)
{
return context.UserList
.Where(s => s.Username == username)
.SelectMany(s => s.AccessGroup.GroupRoles)
.Select(gr => gr.RoleID.ToString()).ToList();
}
//roleName = RoleId; so that only the IDs are stored in session...
public override bool IsUserInRole(string username, string roleName)
{
return GetUserRoles(username, new UserContext()).Contains<string>(roleName);
}
public override string[] GetRolesForUser(string username)
{
return GetUserRoles(username, new UserContext()).ToArray();
}
public override string[] GetAllRoles()
{
return new UserContext().UserRoleList.Select(r => r.RoleID.ToString()).ToArray();
}
public override bool RoleExists(string roleName)
{
return new UserContext().UserRoleList.Where(r => r.RoleID.ToString().Equals(roleName)).Count() > 0;
}
public override string ApplicationName
{
get { return "Your Application Name"; }
set { }
}
public override string[] GetUsersInRole(string roleName)
{
throw new System.NotImplementedException();
}
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
throw new System.NotImplementedException();
}
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
throw new System.NotImplementedException();
}
public override void CreateRole(string roleName)
{
throw new System.NotImplementedException();
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
throw new System.NotImplementedException();
}
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
throw new System.NotImplementedException();
}
}
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?