Disable input fields in an MVC view based on role-based authorization using ASP.NET Identity
In our MVC application, I have overridden the AuthorizeAttribute class for role-based authorization.
[HttpPost]
[CustomAuthorize(Roles = "AddCOA")] // only users in the AddCOA role may post edits
public ActionResult Edit([Bind(Include = "N100,S104,S103,S101,S1,S100,D1")] TrM trM)
{
    if (ModelState.IsValid)
    {
        // Mark the bound entity as modified and persist it
        db.Entry(trM).State = EntityState.Modified;
        db.SaveChanges();
        return RedirectToAction("View", trM);
    }
    return View(trM);
}
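I am calling this controller method from a view that uses a voucher list. Now I have to disable the Edit action link button in the view for a certain role. How can I do that?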
@Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })
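Currently, it automatically redirects the view to the login page.

Way 1:
You can handle it on the server side with a custom ActionLink extension that checks the user's role to decide whether to show the Edit link: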
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Mvc.Html;
using System.Web.Routing;

public static class LinkExtensions
{
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(), new RouteValueDictionary());
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary());
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(), new RouteValueDictionary());
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, new RouteValueDictionary());
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues, object htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes));
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, htmlAttributes);
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes));
    }

    // All overloads above funnel into this one, which performs the role check.
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        if (UserInRole()) // your business logic here for role check
        {
            return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
        }
        return MvcHtmlString.Empty;
    }
}

Way 2:
You can modify your custom attribute code to redirect to a page that tells the user they are not authorized to view this page:
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class AuthorizationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        string actionName = filterContext.ActionDescriptor.ActionName;
        string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        if (!AllowedToAccess()) // if not in specific role show page with message that user is unauthorized to view this page
        {
            // URL-encode the path so a query string inside it survives as a single returnUrl value
            string redirectUrl = string.Format("?returnUrl={0}", HttpUtility.UrlEncode(filterContext.HttpContext.Request.Url.PathAndQuery));
            filterContext.HttpContext.Response.Redirect(FormsAuthentication.LoginUrl + redirectUrl, true);
        }
        else
        {
            base.OnActionExecuting(filterContext); // if authorized user allow it to view
        }
    }
}
And in Web.config, set the URL of the action that will be called when the user is not in the role:
<authentication mode="Forms">
  <forms loginUrl="~/UnAuthorized" timeout="2880" />
</authentication>

You can use Razor to check whether the current user is in the specified role:
@if (User.IsInRole("AddCOA"))
{
    @Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })
}
else
{
    @Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success disabled" })
}
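
Can you also show your CustomAuthorize filter code?
This might be useful for MVC 4, but this feature is deprecated in MVC 5??
Which one are you talking about?
I mean the Html.ActionLinkAuthorized helper you used. User.IsInRole is a better approach.
@geekowls Do you have any reference that supports your comment?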
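
An added example, not code from the question or the answers: the view-side role check only decides what is rendered, so the action still needs a server-side attribute, and that attribute can answer 403 for a signed-in user who lacks the role instead of sending them to the login page. The names `RoleAuthorizeAttribute` and `ActionLinkForRole` are hypothetical, and the asker's `CustomAuthorize` is not shown on the page, so this is an assumption about how such a filter could look.

```csharp
using System.Web.Mvc;
using System.Web.Mvc.Html;

// Hypothetical attribute (not the asker's CustomAuthorize): enforces the role on the server.
// Usage on the action: [RoleAuthorize(Roles = "AddCOA")]
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Signed in but lacking the role: return 403 rather than a login redirect.
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
        }
        else
        {
            // Anonymous: keep the default 401, which the authentication
            // module turns into a redirect to the login page.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

public static class RoleLinkExtensions
{
    // Hypothetical helper: emits the link only when the current user holds the role.
    // Usage in a view:
    //   @Html.ActionLinkForRole("AddCOA", "Edit", "Edit", "Controller", new { @class = "btn btn-success" })
    public static MvcHtmlString ActionLinkForRole(this HtmlHelper htmlHelper, string role,
        string linkText, string actionName, string controllerName, object htmlAttributes)
    {
        var user = htmlHelper.ViewContext.HttpContext.User;
        if (user == null || !user.IsInRole(role))
        {
            return MvcHtmlString.Empty; // nothing rendered for users outside the role
        }
        // Pass null route values explicitly so htmlAttributes binds to the right parameter.
        return htmlHelper.ActionLink(linkText, actionName, controllerName, null, htmlAttributes);
    }
}
```

Hiding or disabling the link is presentation only; a request posted directly to the Edit action is still stopped by the attribute.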