基于角色的安全 asp.net mvc 试图传递一个方法

Question

我想说清楚，我已经尝试了几乎可以想象的东西。

我的 las 拍摄是这样的。

[Authorize()]
[Secure(Roles = ActionRole.Admin.ToString())]
public class ActionController : Controller
{
    public enum ActionRole
    {
        Admin,
        Recruter,
        Sales,
        Developer
    }
}

还有我最初的想法。

[Authorize()]
[Secure(Roles = MyRoleClass.GetAuthorizedRolesForThisAction("ActionController"))]
public class ActionController : Controller
{
    //ActionController Related Code.
}

public Class MyRoleClass(){

    Public strgin GetAuthorizedRolesForThisAction(string Controller){
        //Accessing my DB and the searching is not the hard part here.
    }

}

我收到此错误。

Error   1   An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type  

我正在尝试这样做，因为不是我的想法，每次我都必须更改控制器角色权限......如果有人有想法，将不胜感激。

Answer 1

您可能可以使用自定义AuthorizeAttribute 执行类似的操作。这将添加一个步骤，在继续执行OnAuthorization 步骤之前设置授权属性Roles。

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class SecureAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext) {
        var controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        this.Roles = string.Join(",", MyRoleClass.GetAuthorizedRolesForThisAction(controller));

        base.OnAuthorization(filterContext);
    }
}

那么你应该可以只添加Secure属性装饰：

[Secure]
public class ActionController : Controller
{
    //ActionController Related Code.
}

Answer 2

    [Authorize()]
    [Secure(Roles = "Contact/Index")]
    public ActionResult Index()
    {
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        //Get the user permissions from the Session. 
        //Using it every time that I get the controller and the action
    }

希望这可以帮助某人。 谢谢。