C# 对多个角色进行ASP.Net身份检查以获取访问权限
在授予访问权限之前,是否有可能使asp.net标识要求2个角色的成员身份 我的系统中有两层权限。首先是授予对某些功能的访问权限的公司类型,其次是限制特定方法和使用权限的公司类型C# 对多个角色进行ASP.Net身份检查以获取访问权限,c#,.net,asp.net-mvc,asp.net-mvc-5,asp.net-identity,C#,.net,Asp.net Mvc,Asp.net Mvc 5,Asp.net Identity,在授予访问权限之前,是否有可能使asp.net标识要求2个角色的成员身份 我的系统中有两层权限。首先是授予对某些功能的访问权限的公司类型,其次是限制特定方法和使用权限的公司类型 CompanyType= Host,Expert,Manufacturer,Supplier,Consultant Accesslevel= Admin,ReadOnly,ReadWrite 我希望能够做到以下几点: [Authorize(Roles = "Expert && ReadWrite ||
CompanyType= Host,Expert,Manufacturer,Supplier,Consultant
Accesslevel= Admin,ReadOnly,ReadWrite
我希望能够做到以下几点:
[Authorize(Roles = "Expert && ReadWrite || ReadOnly")]
目标是以一种方式处理这两种角色,而不是拥有这些角色:
HostAdmin, HostReadOnly, HostReadWrite, ExpertAdmin ....
谢谢您的时间。是的,您可以要求多个角色,您只需添加更多授权属性:
[Authorize(Roles="members")]
[Authorize(Roles="admin")]
这将要求用户同时具有成员和管理员角色
有关详细信息->我创建了一个自定义过滤器属性以满足您的需要。我做了一点简化:我将
&
更改为&
,将|
更改为
。解析器还支持xor^
,而不是代码>和括号
[CustomAuthorize(Roles = "Expert & (ReadWrite | ReadOnly)")]
这是自定义授权属性
/// <summary>
/// [CustomAuthorize(Roles = "A & (!B | C) ^ D")]
/// </summary>
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
/*
* Exp -> SubExp '&' SubExp // AND
* Exp -> SubExp '|' SubExp // OR
* Exp -> SubExp '^' SubExp // XOR
* SubExp -> '(' Exp ')'
* SubExp -> '!' Exp // NOT
* SubExp -> RoleName
* RoleName -> [a-z]
*/
private const char TokenSeparator = ' ';
private const char TokenAnd = '&';
private const char TokenOr = '|';
private const char TokenXor = '^';
private const char TokenNot = '!';
private const char TokenParentheseOpen = '(';
private const char TokenParentheseClose = ')';
abstract class Node
{
public abstract bool Eval(IPrincipal principal);
}
abstract class UnaryNode : Node
{
private readonly Node _expression;
public Node Expression
{
get { return _expression; }
}
protected UnaryNode(Node expression)
{
_expression = expression;
}
}
abstract class BinaryNode : Node
{
private readonly Node _leftExpression;
private readonly Node _rightExpression;
public Node LeftExpression
{
get { return _leftExpression; }
}
public Node RightExpression
{
get { return _rightExpression; }
}
protected BinaryNode(Node leftExpression, Node rightExpression)
{
_leftExpression = leftExpression;
_rightExpression = rightExpression;
}
}
class AndNode : BinaryNode
{
public AndNode(Node leftExpression, Node rightExpression)
: base(leftExpression, rightExpression)
{
}
public override bool Eval(IPrincipal principal)
{
return LeftExpression.Eval(principal) && RightExpression.Eval(principal);
}
}
class OrNode : BinaryNode
{
public OrNode(Node leftExpression, Node rightExpression)
: base(leftExpression, rightExpression)
{
}
public override bool Eval(IPrincipal principal)
{
return LeftExpression.Eval(principal) || RightExpression.Eval(principal);
}
}
class XorNode : BinaryNode
{
public XorNode(Node leftExpression, Node rightExpression)
: base(leftExpression, rightExpression)
{
}
public override bool Eval(IPrincipal principal)
{
return LeftExpression.Eval(principal) ^ RightExpression.Eval(principal);
}
}
class NotNode : UnaryNode
{
public NotNode(Node expression)
: base(expression)
{
}
public override bool Eval(IPrincipal principal)
{
return !Expression.Eval(principal);
}
}
class RoleNode : Node
{
private readonly string _roleName;
public string RoleName
{
get { return _roleName; }
}
public RoleNode(string roleName)
{
_roleName = roleName;
}
public override bool Eval(IPrincipal principal)
{
return principal.IsInRole(RoleName);
}
}
private Node _expression;
void Parse(string text)
{
if (text == null) throw new ArgumentNullException("text");
var delimiters = new[] { TokenSeparator, TokenAnd, TokenOr, TokenXor, TokenNot, TokenParentheseOpen, TokenParentheseClose };
List<string> tokens = new List<string>();
StringBuilder sb = new StringBuilder();
for (int i = 0; i < text.Length; i++)
{
char c = text[i];
if (c == TokenSeparator)
continue;
if (delimiters.Contains(c))
{
if (sb.Length > 0)
{
tokens.Add(sb.ToString());
sb.Clear();
}
tokens.Add(c.ToString(CultureInfo.InvariantCulture));
}
else
{
sb.Append(c);
}
}
if (sb.Length > 0)
{
tokens.Add(sb.ToString());
}
_expression = Parse(tokens.ToArray());
}
Node Parse(string[] tokens)
{
int index = 0;
return ParseExp(tokens, ref index);
}
Node ParseExp(string[] tokens, ref int index)
{
Node leftExp = ParseSubExp(tokens, ref index);
if (index > tokens.Length)
return leftExp;
string token = tokens[index];
if (token == "&")
{
index++;
Node rightExp = ParseSubExp(tokens, ref index);
return new AndNode(leftExp, rightExp);
}
else if (token == "|")
{
index++;
Node rightExp = ParseSubExp(tokens, ref index);
return new OrNode(leftExp, rightExp);
}
else if (token == "^")
{
index++;
Node rightExp = ParseSubExp(tokens, ref index);
return new XorNode(leftExp, rightExp);
}
else
{
throw new Exception("Expected '&' or '|' or EOF");
}
}
Node ParseSubExp(string[] tokens, ref int index)
{
string token = tokens[index];
if (token == "(")
{
index++;
Node node = ParseExp(tokens, ref index);
if (tokens[index] != ")")
throw new Exception("Expected ')'");
index++; // Skip ')'
return node;
}
else if (token == "!")
{
index++;
Node node = ParseExp(tokens, ref index);
return new NotNode(node);
}
else
{
index++;
return new RoleNode(token);
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null) throw new ArgumentNullException("httpContext");
IPrincipal user = httpContext.User;
if (!user.Identity.IsAuthenticated)
{
return false;
}
if (_expression == null)
{
Parse(Roles);
}
if (_expression != null)
{
return _expression.Eval(user);
}
return true;
}
}
谢谢完美答案。我在任何地方都很难找到它。我认为即使是逗号分隔的方法也能起作用:[Authorize(Roles=“members,admin”)]
我用过ithmm,从我的角度看,它是不一样的。以上与AND语句相同,其中VishalVaishya的示例是OR语句。还是我错了?@Wraithbone我很快就同意了=)你是对的,VishalVaishya的答案是或,而建议的解决方案是AND@VishalVaishya这也会起作用,但行为是不同的。我的建议是,尽管您的解决方案是或喜欢自定义过滤器的想法。我会看看这个,因为我可以用它解决我的另一个问题。谢谢你的详细解释。对于这个特殊的问题,我使用了Zaphods的答案,你也在底部解释过。
// (role1 OR role2) AND (role3 OR role4)
[Authorize(Roles = "Role1, Role2")]
[Authorize(Roles = "Role3, Role4")]