我可以用不同的角色覆盖 asp.net 核心的授权吗?
Can I override Authorizations for asp.net core with different Roles?
[Authorize(Roles = "Admin")] // only admin
public class XController : Controller
{
[Authorize(Roles = "Employee")] // only employee
public ActionResult ActionX() { ... }
}
只有管理员可以访问控制器,只有员工可以访问那个方法,我知道这个结构不是最好的例子,但我只是想知道这是否可能! :)
你绝对可以 - 但为了你自己(和其他开发人员)的理智,我会将 Employee 角色切换为 Controller 级别(最不宽容),然后获得更严格的授权在您 action-by-action 的基础上。
直接来自 MSDN docs。
You can further limit access by applying additional role authorization attributes at the action level:
[Authorize(Roles = "Administrator, PowerUser")]
public class ControlPanelController : Controller
{
public ActionResult SetTime()
{
}
[Authorize(Roles = "Administrator")]
public ActionResult ShutDown()
{
}
}
[Authorize(Roles = "Admin")] // only admin
public class XController : Controller
{
[Authorize(Roles = "Employee")] // only employee
public ActionResult ActionX() { ... }
}
只有管理员可以访问控制器,只有员工可以访问那个方法,我知道这个结构不是最好的例子,但我只是想知道这是否可能! :)
你绝对可以 - 但为了你自己(和其他开发人员)的理智,我会将 Employee 角色切换为 Controller 级别(最不宽容),然后获得更严格的授权在您 action-by-action 的基础上。
直接来自 MSDN docs。
You can further limit access by applying additional role authorization attributes at the action level:
[Authorize(Roles = "Administrator, PowerUser")]
public class ControlPanelController : Controller
{
public ActionResult SetTime()
{
}
[Authorize(Roles = "Administrator")]
public ActionResult ShutDown()
{
}
}