允许多个角色访问控制器操作

时间:2009-03-31 05:49:03

标签: asp.net-mvc controller roles

现在我装饰一个这样的方法,允许“成员”访问我的控制器动作

[Authorize(Roles="members")]

如何允许多个角色?例如,以下内容不起作用,但它显示了我要执行的操作(允许“成员”和“管理员”访问权限):

[Authorize(Roles="members", "admin")] 

10 个答案:

答案 0 :(得分:543)

另一种选择是在发布时使用单个授权过滤器,但删除内部引用。

[Authorize(Roles="members, admin")]

答案 1 :(得分:114)

如果您想使用自定义角色,可以执行以下操作:

CustomRoles上课:

public static class CustomRoles
{
    public const string Administrator = "Administrador";
    public const string User = "Usuario";
}

用法

[Authorize(Roles = CustomRoles.Administrator +","+ CustomRoles.User)]

如果您的角色很少,也许您可​​以将它们组合在一起(为了清晰起见):

public static class CustomRoles
{
     public const string Administrator = "Administrador";
     public const string User = "Usuario";
     public const string AdministratorOrUser = Administrator + "," + User;  
}

用法

[Authorize(Roles = CustomRoles.AdministratorOrUser)]

答案 2 :(得分:74)

一种可能的简化是子类AuthorizeAttribute

public class RolesAttribute : AuthorizeAttribute
{
    public RolesAttribute(params string[] roles)
    {
        Roles = String.Join(",", roles);
    }
}

用法:

[Roles("members", "admin")]

在语义上它与Jim Schmehil的答案相同。

答案 3 :(得分:16)

对于MVC4,使用我的角色EnumUserRoles),我使用自定义AuthorizeAttribute

在我的控制行动中,我这样做:

[CustomAuthorize(UserRoles.Admin, UserRoles.User)]
public ActionResult ChangePassword()
{
    return View();
}

我使用这样的自定义AuthorizeAttribute

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class CustomAuthorize : AuthorizeAttribute
{
    private string[] UserProfilesRequired { get; set; }

    public CustomAuthorize(params object[] userProfilesRequired)
    {
        if (userProfilesRequired.Any(p => p.GetType().BaseType != typeof(Enum)))
            throw new ArgumentException("userProfilesRequired");

        this.UserProfilesRequired = userProfilesRequired.Select(p => Enum.GetName(p.GetType(), p)).ToArray();
    }

    public override void OnAuthorization(AuthorizationContext context)
    {
        bool authorized = false;

        foreach (var role in this.UserProfilesRequired)
            if (HttpContext.Current.User.IsInRole(role))
            {
                authorized = true;
                break;
            }

        if (!authorized)
        {
            var url = new UrlHelper(context.RequestContext);
            var logonUrl = url.Action("Http", "Error", new { Id = 401, Area = "" });
            context.Result = new RedirectResult(logonUrl);

            return;
        }
    }
}

这是FabricioMartínezTamayo修改过的FNHMVC的一部分https://github.com/fabriciomrtnz/FNHMVC/

答案 4 :(得分:2)

如果您发现自己经常应用这两个角色,可以将它们包装在自己的授权中。这实际上是接受答案的延伸。

using System.Web.Mvc;

public class AuthorizeAdminOrMember : AuthorizeAttribute
{
    public AuthorizeAdminOrMember()
    {
        Roles = "members, admin";
    }
}

然后将新授权应用于Action。我认为这看起来更干净,读起来容易。

public class MyController : Controller
{
    [AuthorizeAdminOrMember]
    public ActionResult MyAction()
    {
        return null;
    }
}

答案 5 :(得分:2)

您可以使用授权策略 在 Startup.cs 中

    services.AddAuthorization(options =>
    {
        options.AddPolicy("admin", policy => policy.RequireRole("SuperAdmin","Admin"));
        options.AddPolicy("teacher", policy => policy.RequireRole("SuperAdmin", "Admin", "Teacher"));
    });

在控制器文件中:

 [Authorize(Policy = "teacher")]
 [HttpGet("stats/{id}")]
 public async Task<IActionResult> getStudentStats(int id)
 { ... }

“教师”政策接受 3 个角色。

答案 6 :(得分:1)

添加子类AuthorizeRole.cs

的更好代码
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
    class AuthorizeRoleAttribute : AuthorizeAttribute
    {
        public AuthorizeRoleAttribute(params Rolenames[] roles)
        {
            this.Roles = string.Join(",", roles.Select(r => Enum.GetName(r.GetType(), r)));
        }
        protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.Request.IsAuthenticated)
            {
                filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary {
                  { "action", "Unauthorized" },
                  { "controller", "Home" },
                  { "area", "" }
                  }
              );
                //base.HandleUnauthorizedRequest(filterContext);
            }
            else
            {
                filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary {
                  { "action", "Login" },
                  { "controller", "Account" },
                  { "area", "" },
                  { "returnUrl", HttpContext.Current.Request.Url }
                  }
              );
            }
        }
    }

如何使用此

[AuthorizeRole(Rolenames.Admin,Rolenames.Member)]

public ActionResult Index()
{
return View();
}

答案 7 :(得分:1)

另一个明确的解决方案是,您可以使用常量来保持约定并添加多个[Authorize]属性。看看这个:

public static class RolesConvention
{
    public const string Administrator = "Administrator";
    public const string Guest = "Guest";
}

然后在控制器中:

[Authorize(Roles = RolesConvention.Administrator )]
[Authorize(Roles = RolesConvention.Guest)]
[Produces("application/json")]
[Route("api/[controller]")]
public class MyController : Controller

答案 8 :(得分:0)

使用AspNetCore 2.x,您必须采取一些不同的方式:

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class AuthorizeRoleAttribute : AuthorizeAttribute
{
    public AuthorizeRoleAttribute(params YourEnum[] roles)
    {
        Policy = string.Join(",", roles.Select(r => r.GetDescription()));
    }
}

只是这样使用它:

[Authorize(YourEnum.Role1, YourEnum.Role2)]

答案 9 :(得分:-2)

Intent promptInstall = new Intent(android.content.Intent.ACTION_VIEW);
promptInstall.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
promptInstall.setDataAndType(Uri.parse("http://10.0.2.2:8081/MyAPPStore/apk/Teflouki.apk"), "application/vnd.android.package-archive" );

startActivity(promptInstall);