动态添加角色以授权控制器的属性
Dynamically add roles to authorize attribute for controller
我需要让我的管理员用户即时更改用户的访问权限,以便他们可以创建新角色并向这些角色添加权限。
我希望能够创建一个 Authorize 属性并把它加在我的控制器 class 之上,它的角色可以从数据库中读取,这样我就不必在开发过程中像 [Authorize(Roles="Role1, Role2")] 那样把角色写死。
所以像 [Authorize(Roles = GetListOfRoles())]
我发现了这个问题 - ASP.NET MVC Authorize user with many roles 它做了类似的事情,但也许有一种方法可以改变它,以便它从数据库中获取 permissions/roles 的列表?
像这样的事情怎么样:
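/// <summary>
/// Authorization attribute whose permitted roles are looked up at request time from a
/// backing store instead of being fixed in the attribute declaration.
/// </summary>
// AttributeTargets.Method limits this attribute to action methods; it cannot be placed on a
// controller class as declared here.
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class MyCustomAuthorizationAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Decides whether the current request is authorized.
    /// </summary>
    /// <param name="httpContext">The HTTP context of the request being authorized.</param>
    /// <returns>
    /// <c>true</c> only when the base check passes and the user holds one of the roles
    /// loaded from the backing store; otherwise <c>false</c>.
    /// </returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Run the framework check first so that anonymous requests (and any statically
        // configured Users/Roles) are rejected before the backing store is consulted.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // Do some logic here to pull authorised roles from backing store (AppSettings, MSSQL, MySQL, MongoDB etc)
        ...
        // Check that the user belongs to one or more of these roles
        bool isUserAuthorized = ....;

        // The dynamic role check is the final decision. Falling back to base.AuthorizeCore
        // on failure would admit every authenticated user whenever no static Roles/Users
        // are set on the attribute, which makes the role lookup meaningless.
        return isUserAuthorized;
    }
}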
您可以将它与数据库一起使用,或者只是在 web.config 中维护授权角色列表。
下面是我实现的一个属性,它可以根据用户角色所拥有的权限,按方法对用户进行授权。我希望这对其他人有帮助:
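/// <summary>
/// Custom authorization attribute for setting per-method accessibility.
/// A request is allowed only when it passes the base <see cref="AuthorizeAttribute"/> check
/// and the user is in the role mapped to at least one of the listed permissions.
/// </summary>
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class SetPermissionsAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Comma-separated action names. Access is granted when the user holds the role mapped
    /// to ANY ONE of these actions; the list is not an all-of requirement.
    /// </summary>
    public string Permissions { get; set; }

    /// <summary>
    /// Checks the current user against the roles mapped to <see cref="Permissions"/>.
    /// </summary>
    /// <param name="httpContext">The HTTP context of the request being authorized.</param>
    /// <returns><c>true</c> when the user is authorized; otherwise <c>false</c>.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Honour the framework check: anonymous requests are denied here instead of
        // reaching the role lookup with a null user id.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // Fail closed when the attribute was applied without any permission names.
        if (string.IsNullOrWhiteSpace(Permissions))
        {
            return false;
        }

        string currentUserId = httpContext.User.Identity.GetUserId();
        if (string.IsNullOrEmpty(currentUserId))
        {
            return false;
        }

        // Trim entries so that "A, B" matches the stored action name "B" rather than " B".
        string[] requested = Permissions.Split(',')
            .Select(p => p.Trim())
            .Where(p => p.Length > 0)
            .ToArray();

        // Dispose the contexts and the user manager on every path; one identity context
        // serves both the user store and the role lookup.
        using (SalesDBContext db = new SalesDBContext())
        using (ApplicationDbContext dbu = new ApplicationDbContext())
        using (UserManager<ApplicationUser> userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(dbu)))
        {
            // Materialize once so the permission table is not queried again per enumeration.
            List<string> knownActions = requested
                .Intersect(db.Permissions.Select(p => p.ActionName))
                .ToList();

            foreach (string actionName in knownActions)
            {
                // NOTE(review): Single() throws if an action name is mapped to more than
                // one row - confirm ActionName is unique in the permissions table.
                var permission = db.Permissions.Single(p => p.ActionName == actionName);
                var role = dbu.Roles.Find(permission.RoleId);
                if (role == null)
                {
                    // A permission pointing at a missing role grants nothing.
                    continue;
                }

                if (userManager.IsInRole(currentUserId, role.Name))
                {
                    return true;
                }
            }
        }

        return false;
    }
}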
我需要让我的管理员用户即时更改用户的访问权限,以便他们可以创建新角色并向这些角色添加权限。
我希望能够创建一个 Authorize 属性并把它加在我的控制器 class 之上,它的角色可以从数据库中读取,这样我就不必在开发过程中像 [Authorize(Roles="Role1, Role2")] 那样把角色写死。
所以像 [Authorize(Roles = GetListOfRoles())]
我发现了这个问题 - ASP.NET MVC Authorize user with many roles 它做了类似的事情,但也许有一种方法可以改变它,以便它从数据库中获取 permissions/roles 的列表?
像这样的事情怎么样:
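/// <summary>
/// Authorization attribute whose permitted roles are looked up at request time from a
/// backing store instead of being fixed in the attribute declaration.
/// </summary>
// AttributeTargets.Method limits this attribute to action methods; it cannot be placed on a
// controller class as declared here.
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class MyCustomAuthorizationAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Decides whether the current request is authorized.
    /// </summary>
    /// <param name="httpContext">The HTTP context of the request being authorized.</param>
    /// <returns>
    /// <c>true</c> only when the base check passes and the user holds one of the roles
    /// loaded from the backing store; otherwise <c>false</c>.
    /// </returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Run the framework check first so that anonymous requests (and any statically
        // configured Users/Roles) are rejected before the backing store is consulted.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // Do some logic here to pull authorised roles from backing store (AppSettings, MSSQL, MySQL, MongoDB etc)
        ...
        // Check that the user belongs to one or more of these roles
        bool isUserAuthorized = ....;

        // The dynamic role check is the final decision. Falling back to base.AuthorizeCore
        // on failure would admit every authenticated user whenever no static Roles/Users
        // are set on the attribute, which makes the role lookup meaningless.
        return isUserAuthorized;
    }
}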
您可以将它与数据库一起使用,或者只是在 web.config 中维护授权角色列表。
下面是我实现的一个属性,它可以根据用户角色所拥有的权限,按方法对用户进行授权。我希望这对其他人有帮助:
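/// <summary>
/// Custom authorization attribute for setting per-method accessibility.
/// A request is allowed only when it passes the base <see cref="AuthorizeAttribute"/> check
/// and the user is in the role mapped to at least one of the listed permissions.
/// </summary>
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class SetPermissionsAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Comma-separated action names. Access is granted when the user holds the role mapped
    /// to ANY ONE of these actions; the list is not an all-of requirement.
    /// </summary>
    public string Permissions { get; set; }

    /// <summary>
    /// Checks the current user against the roles mapped to <see cref="Permissions"/>.
    /// </summary>
    /// <param name="httpContext">The HTTP context of the request being authorized.</param>
    /// <returns><c>true</c> when the user is authorized; otherwise <c>false</c>.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Honour the framework check: anonymous requests are denied here instead of
        // reaching the role lookup with a null user id.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // Fail closed when the attribute was applied without any permission names.
        if (string.IsNullOrWhiteSpace(Permissions))
        {
            return false;
        }

        string currentUserId = httpContext.User.Identity.GetUserId();
        if (string.IsNullOrEmpty(currentUserId))
        {
            return false;
        }

        // Trim entries so that "A, B" matches the stored action name "B" rather than " B".
        string[] requested = Permissions.Split(',')
            .Select(p => p.Trim())
            .Where(p => p.Length > 0)
            .ToArray();

        // Dispose the contexts and the user manager on every path; one identity context
        // serves both the user store and the role lookup.
        using (SalesDBContext db = new SalesDBContext())
        using (ApplicationDbContext dbu = new ApplicationDbContext())
        using (UserManager<ApplicationUser> userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(dbu)))
        {
            // Materialize once so the permission table is not queried again per enumeration.
            List<string> knownActions = requested
                .Intersect(db.Permissions.Select(p => p.ActionName))
                .ToList();

            foreach (string actionName in knownActions)
            {
                // NOTE(review): Single() throws if an action name is mapped to more than
                // one row - confirm ActionName is unique in the permissions table.
                var permission = db.Permissions.Single(p => p.ActionName == actionName);
                var role = dbu.Roles.Find(permission.RoleId);
                if (role == null)
                {
                    // A permission pointing at a missing role grants nothing.
                    continue;
                }

                if (userManager.IsInRole(currentUserId, role.Name))
                {
                    return true;
                }
            }
        }

        return false;
    }
}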