C# ASP.NET MVC 5: adding permissions to a controller action

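I have a project with Windows authentication, and I have a question about one controller. With the controller below, I can get information by specifying the name of the branch (for example, by typing the URL into the browser's address bar):

It will show the user the data for branch=Branch1.

Now the question is: how can I achieve the following?

For each branchname, I want to specify who is allowed to open this page by specifying a group in Active Directory. Or is that not possible, and should I create 10 more controllers and specify the permissions for each of them?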

    [HttpGet]
    public ActionResult TestNew(string branchname)
    {
        // check stuff like permissions
        var db = new MovieContext();
        var model = new Model();


        var students = db.Student
            .Where(x => x.BranchName == branchname)
            .GroupBy(x => new { x.BranchName, x.Name, x.Currency, x.NoCart, x.NoAccount })
            .Select(x => new
            {
                BranchName = x.FirstOrDefault().BranchName,
                Name = x.FirstOrDefault().Name,
                A_Status = x.Max(p => p.A_Status),
                Currency = x.FirstOrDefault().Currency,
                NoCart = x.FirstOrDefault().NoCart,
                NoAccount = x.FirstOrDefault().NoAccount
            }).ToList();
        foreach (var item in students)
        {
            model.Students.Add(new Student
            {
                A_Status = item.A_Status,
                BranchName = item.BranchName,
                Name = item.Name,
                NoAccount = item.NoAccount,
                NoCart = item.NoCart,
                Currency = item.Currency

            });
        }
        return View(model);
    }

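You can use policy-based authorization and use an authorization handler in a foreach loop to check whether the current user is allowed to access the resource.

Here is an example of what I did, except that I use groups in the database instead of AD groups:

First, you create a requirement, which can be empty or not, depending on your needs; as in the Microsoft documentation, it can contain your group name.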

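    // Marker requirement; named to match the handler and the policy registration.
    public class CIAuthoringManagementRequirement : IAuthorizationRequirement
    {
    }

Then your policy; the purpose of this class is to call `context.Succeed(requirement);` when the user is allowed to perform the action: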

    using System;
    using System.Collections.Generic;
    using System.Diagnostics;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.EntityFrameworkCore;

    public class CIAuthoringManagement : AuthorizationHandler<CIAuthoringManagementRequirement, ConfigurationItem>
    {
        private readonly MyAppContext _context;

        public CIAuthoringManagement(MyAppContext context)
        {
            _context = context;
        }

        [DebuggerStepThrough]
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CIAuthoringManagementRequirement requirement, ConfigurationItem resource)
        {
            // Load the current user together with group and catalog memberships
            var user = _context.Users.Include(u => u.Groups).Include(u => u.Employer).Include(c => c.AuthoringCatalogs).AsNoTracking().SingleOrDefault(m => m.ID == context.User.GetUniqueIdentifier());

            if (user != null)
            {
                // Allowing SuperAdmins by default
                var group = _context.Groups.Include(g => g.Users).ThenInclude(g => g.User).AsNoTracking().SingleOrDefault(g => g.DisplayName == "SuperAdmins");
                if (group != null)
                {
                    var groupUsers = new HashSet<Guid>(group.Users.Select(u => u.User.ID));
                    if (groupUsers.Contains(user.ID))
                    {
                        context.Succeed(requirement);
                    }
                }

                // Allowing CI if it's part of the catalogs where CI is author
                // hashset of id where user is declared author
                var authorCatalogHS = new HashSet<Guid>(user.AuthoringCatalogs.Select(c => c.CatalogId));

                if (resource.Catalogs != null)
                {
                    foreach (var catalog in resource.Catalogs)
                    {
                        if (authorCatalogHS.Contains(catalog.CatalogId))
                        {
                            context.Succeed(requirement);
                        }
                    }
                }
                else
                {
                    // No catalogs on the resource: any known user is allowed
                    context.Succeed(requirement);
                }
            }

            // Not calling Succeed leaves the requirement unmet, so access is denied
            return Task.CompletedTask;
        }
    }

I am not using ASP.NET Core; or can this also be used in ASP.NET MVC 5?

I haven't tried it, but this project brings policies to MVC 5.

    // Registration: define the policies and register the handler
    services.AddAuthorization(options =>
    {
        // require user to have cookie auth or jwt bearer token
        options.AddPolicy("Authenticated",
            policy => policy
                .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, CookieAuthenticationDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser());

        options.AddPolicy("CIAuthoringManagement",
            policy => policy.Requirements.Add(new CIAuthoringManagementRequirement()));
    });
    services.AddTransient<IAuthorizationHandler, CIAuthoringManagement>();

    // Usage: keep only the resources the current user is authorized for
    foreach (var ciApplication in _context.CIApplications.AsNoTracking())
    {
        if ((await _authorizationService.AuthorizeAsync(User, ciApplication, "CIAuthoringManagement")).Succeeded)
        {
            CIApplications.Add(ciApplication);
        }
    }
    return CIApplications;
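
For the ASP.NET MVC 5 and Windows authentication setup described in the question, the per-branch check can stay in a single controller. The following is an added example, not code from either poster: the `BranchAccess` helper, the `ReportsController` name and the `EXAMPLE\...` group names are assumptions, and it relies on `IPrincipal.IsInRole` resolving Windows group names under Windows authentication.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Principal;
using System.Web.Mvc;

public static class BranchAccess
{
    // Branch name -> AD groups allowed to view it (placeholder group names).
    // Case-insensitive keys so "branch1" and "Branch1" resolve to the same entry.
    private static readonly IReadOnlyDictionary<string, string[]> AllowedGroups =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "Branch1", new[] { @"EXAMPLE\Branch1-Readers" } },
            { "Branch2", new[] { @"EXAMPLE\Branch2-Readers", @"EXAMPLE\Auditors" } },
        };

    // Deny by default: anonymous user, empty or unmapped branch, or no matching group.
    public static bool CanView(IPrincipal user, string branchName)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        if (string.IsNullOrWhiteSpace(branchName))
            return false;

        string[] groups;
        if (!AllowedGroups.TryGetValue(branchName, out groups))
            return false;

        foreach (var group in groups)
        {
            if (user.IsInRole(group))
                return true;
        }
        return false;
    }
}

public class ReportsController : Controller
{
    [HttpGet]
    [Authorize]
    public ActionResult TestNew(string branchname)
    {
        // Check the bound parameter itself, so the value authorized is the value queried.
        // 403 rather than 401: a 401 makes the browser prompt for Windows credentials again.
        if (!BranchAccess.CanView(User, branchname))
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);

        // The query from the question goes here, unchanged, and returns View(model).
        return View();
    }
}
```

Moving the branch-to-group map into configuration or a database table lets group assignments change without a redeploy, while the deny-by-default lookup stays the same.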