ASP.NET & EF:如何在您的网站中正确实施访问级别分离 api?
ASP.NET & EF: How to properly implement seperation of access levels in your web api?
目前我在我的控制器中收到声明,这些声明包含 administrator 和 teamid。在我的存储库中,每次调用我想要检索数据列表时,您要么获得团队可用的数据,要么获得所有数据(如果您是管理员)。检查的代码如下:
var content = _dataContext.Content
.Where(c => c.teamId == teamId || isAdministrator)
.Where(x => rest of the query here)
这是实施此类访问限制的好方法吗?或者有更好的方法来实现这个吗?
Is this a good way to implement such access restrictions? Or are there better ways to implement this?
You can implement in better way this kind of access control using
Role-based authorization or Claims-based authorization
these are the more elegant ways. You can check for details
implementation from our official document here
Wouldn't that result in high duplication of queries? Then I'd have to have two functions. One for teambased queries and one for admin based queries. Or is that actually the better way?
No that's really not the duplication of queries this is the elegant
way to handle that and its mostly used way to handle this kind of
requirement. Because in yur existing code when any new role comes in
you have to re-write the logic each time, which not doesn't meet the
SOLID principle which tell us "Objects or entities should be open for extension but closed for modification"
希望它能帮助您找到更好的实现。
目前我在我的控制器中收到声明,这些声明包含 administrator 和 teamid。在我的存储库中,每次调用我想要检索数据列表时,您要么获得团队可用的数据,要么获得所有数据(如果您是管理员)。检查的代码如下:
var content = _dataContext.Content
.Where(c => c.teamId == teamId || isAdministrator)
.Where(x => rest of the query here)
这是实施此类访问限制的好方法吗?或者有更好的方法来实现这个吗?
Is this a good way to implement such access restrictions? Or are there better ways to implement this?
You can implement in better way this kind of access control using
Role-based authorizationorClaims-based authorizationthese are the more elegant ways. You can check for details implementation from ourofficial document here
Wouldn't that result in high duplication of queries? Then I'd have to have two functions. One for teambased queries and one for admin based queries. Or is that actually the better way?
No that's really not the
duplication of queriesthis is the elegant way to handle that and its mostly used way to handle this kind of requirement. Because in yur existing code when any new role comes in you have to re-write the logic each time, which not doesn't meet theSOLIDprinciple which tell us"Objects or entities should be open for extension but closed for modification"
希望它能帮助您找到更好的实现。