使用 ASP.net 身份禁用基于角色授权的 MVC 视图中的输入字段
Disable Input Fields in MVC View on Role Based Authorization using ASP.net Identity
我已经覆盖了 AuthorizeAttribute class 在我们的 MVC 应用程序中基于角色的授权。
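// Saves an edited TrM record. The role check on this action is the real access control:
// hiding or disabling the Edit link in a view does not replace it.
// C# attribute names are case-sensitive, so the verb filter is HttpPost, not HttpPOST.
[HttpPost]
[CustomAuthorize(Roles = "AddCOA")]
// NOTE(review): no [ValidateAntiForgeryToken] is applied. This action changes stored data, so consider
// adding it together with @Html.AntiForgeryToken() in the posting form.
public ActionResult Edit([Bind(Include = "N100,S104,S103,S101,S1,S100,D1")] TrM trM)
{
    // Binding or validation failed: show the form again with the posted values.
    if (!ModelState.IsValid)
    {
        return View(trM);
    }

    // [Bind(Include = ...)] limits which posted fields are bound (over-posting protection).
    // NOTE(review): marking the whole entity Modified writes every mapped column, so properties
    // outside the Bind list are presumably saved with their default values. Confirm this is intended.
    db.Entry(trM).State = EntityState.Modified;
    db.SaveChanges();

    // NOTE(review): the model is passed as route values, so its properties end up in the redirect URL.
    return RedirectToAction("View", trM);
}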
我正在从 view 调用此 controller method 并附上凭证列表。现在我必须为某个 角色 禁用视图中的 Edit ActionLink 按钮,我该如何实现?
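@* The helper is ActionLink (case-sensitive). With four arguments the third is bound as routeValues, not as the
   controller name; passing null for routeValues selects the overload that takes the controller name. *@
@Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })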
目前它会自动将视图重定向到登录页面。
方式一:
您可以使用自定义 ActionLink 扩展在服务器端处理它,该扩展检查是否根据角色向用户显示编辑 link:
/// <summary>
/// ActionLink variants that render the link only when the role check passes.
/// This controls what the page shows; it does not protect the target action, which still
/// needs its own server-side authorization attribute.
/// </summary>
public static class LinkExtensions
{
    /// <summary>Link to an action on the current controller, without route values or HTML attributes.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName)
    {
        var noRouteValues = new RouteValueDictionary();
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, noRouteValues, noAttributes);
    }

    /// <summary>Link to an action on the current controller, with route values given as an object.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues)
    {
        var routeDictionary = new RouteValueDictionary(routeValues);
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeDictionary, noAttributes);
    }

    /// <summary>Link to an action on the named controller.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName)
    {
        var noRouteValues = new RouteValueDictionary();
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, noRouteValues, noAttributes);
    }

    /// <summary>Link to an action on the current controller, with route values given as a dictionary.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues)
    {
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, noAttributes);
    }

    /// <summary>Link to an action on the current controller, with route values and HTML attributes given as objects.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues, object htmlAttributes)
    {
        var routeDictionary = new RouteValueDictionary(routeValues);
        var attributeDictionary = new RouteValueDictionary(htmlAttributes);
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeDictionary, attributeDictionary);
    }

    /// <summary>Link to an action on the current controller, with route values and HTML attributes given as dictionaries.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, htmlAttributes);
    }

    /// <summary>Link to an action on the named controller, with route values and HTML attributes given as objects.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes)
    {
        var routeDictionary = new RouteValueDictionary(routeValues);
        var attributeDictionary = new RouteValueDictionary(htmlAttributes);
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, routeDictionary, attributeDictionary);
    }

    /// <summary>
    /// The overload every other one forwards to: returns the normal ActionLink markup when the
    /// role check passes and an empty string otherwise.
    /// </summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        // UserInRole() is the author's placeholder for the application's own role check.
        if (!UserInRole())
        {
            return MvcHtmlString.Empty;
        }

        return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
    }
}
并在视图中使用它:
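@* With four arguments the third is bound as routeValues, not as the controller name; passing null for
   routeValues selects the overload that takes the controller name. *@
@Html.ActionLinkAuthorized("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })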
方式二:
您可以修改自定义属性的代码,使其重定向到一个提示用户无权查看此页面的页面:
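/// <summary>
/// Sends callers that fail the role check to the configured forms-authentication URL,
/// carrying the originally requested path in a returnUrl query parameter.
/// </summary>
/// <remarks>
/// NOTE(review): this check lives in an action filter. A subclass of AuthorizeAttribute that overrides
/// HandleUnauthorizedRequest is the usual place for it, because authorization filters run before
/// action filters.
/// </remarks>
public class AuthorizationAttribute : ActionFilterAttribute
{
    /// <summary>Runs before the action; lets it proceed only when the caller is allowed.</summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // AllowedToAccess() is the author's placeholder for the application's own role check.
        if (AllowedToAccess())
        {
            // Authorized: continue with the normal pipeline.
            base.OnActionExecuting(filterContext);
            return;
        }

        // Encode the requested path so a '?' or '&' in it cannot alter the redirect's query string.
        string requestedPath = filterContext.HttpContext.Request.Url.PathAndQuery;
        string redirectUrl = string.Format("?returnUrl={0}", System.Web.HttpUtility.UrlEncode(requestedPath));

        // Setting Result short-circuits the action without ending the response from inside the filter.
        // The page that later follows returnUrl should accept it only when Url.IsLocalUrl(returnUrl) is true.
        filterContext.Result = new RedirectResult(FormsAuthentication.LoginUrl + redirectUrl);
    }
}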
并在 Web.Config 中为该操作设置 url,当用户不在角色中时将调用该操作:
<!-- loginUrl is the value FormsAuthentication.LoginUrl returns, so the filter's redirect lands on ~/UnAuthorized.
     NOTE(review): visitors who are not signed in are presumably sent to the same page, so it needs a way to sign in.
     timeout is in minutes (2880 = 48 hours); confirm that this ticket lifetime is intended. -->
<authentication mode="Forms">
<forms loginUrl="~/UnAuthorized" timeout="2880" />
</authentication>
您可以使用 razor 检查当前用户是否在指定角色中。这只影响页面上的显示,被禁用的链接仍可被直接请求,因此 Edit 操作上的 [CustomAuthorize] 仍然必须保留:
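@* Presentation only: the Edit action must keep its own role check, because the URL can be requested directly. *@
@if (User.IsInRole("AddCOA"))
{
    @* Passing null for routeValues selects the overload whose third argument is the controller name. *@
    @Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })
}
else
{
    @* The CSS class is "disabled" (the original "disbled" matched nothing). It only styles the anchor;
       the href is still rendered. *@
    @Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success disabled" })
}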
我已经覆盖了 AuthorizeAttribute class 在我们的 MVC 应用程序中基于角色的授权。
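// Saves an edited TrM record. The role check on this action is the real access control:
// hiding or disabling the Edit link in a view does not replace it.
// C# attribute names are case-sensitive, so the verb filter is HttpPost, not HttpPOST.
[HttpPost]
[CustomAuthorize(Roles = "AddCOA")]
// NOTE(review): no [ValidateAntiForgeryToken] is applied. This action changes stored data, so consider
// adding it together with @Html.AntiForgeryToken() in the posting form.
public ActionResult Edit([Bind(Include = "N100,S104,S103,S101,S1,S100,D1")] TrM trM)
{
    // Binding or validation failed: show the form again with the posted values.
    if (!ModelState.IsValid)
    {
        return View(trM);
    }

    // [Bind(Include = ...)] limits which posted fields are bound (over-posting protection).
    // NOTE(review): marking the whole entity Modified writes every mapped column, so properties
    // outside the Bind list are presumably saved with their default values. Confirm this is intended.
    db.Entry(trM).State = EntityState.Modified;
    db.SaveChanges();

    // NOTE(review): the model is passed as route values, so its properties end up in the redirect URL.
    return RedirectToAction("View", trM);
}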
我正在从 view 调用此 controller method 并附上凭证列表。现在我必须为某个 角色 禁用视图中的 Edit ActionLink 按钮,我该如何实现?
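@* The helper is ActionLink (case-sensitive). With four arguments the third is bound as routeValues, not as the
   controller name; passing null for routeValues selects the overload that takes the controller name. *@
@Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })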
目前它会自动将视图重定向到登录页面。
方式一:
您可以使用自定义 ActionLink 扩展在服务器端处理它,该扩展检查是否根据角色向用户显示编辑 link:
/// <summary>
/// ActionLink variants that render the link only when the role check passes.
/// This controls what the page shows; it does not protect the target action, which still
/// needs its own server-side authorization attribute.
/// </summary>
public static class LinkExtensions
{
    /// <summary>Link to an action on the current controller, without route values or HTML attributes.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName)
    {
        var noRouteValues = new RouteValueDictionary();
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, noRouteValues, noAttributes);
    }

    /// <summary>Link to an action on the current controller, with route values given as an object.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues)
    {
        var routeDictionary = new RouteValueDictionary(routeValues);
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeDictionary, noAttributes);
    }

    /// <summary>Link to an action on the named controller.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName)
    {
        var noRouteValues = new RouteValueDictionary();
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, noRouteValues, noAttributes);
    }

    /// <summary>Link to an action on the current controller, with route values given as a dictionary.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues)
    {
        var noAttributes = new RouteValueDictionary();
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, noAttributes);
    }

    /// <summary>Link to an action on the current controller, with route values and HTML attributes given as objects.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues, object htmlAttributes)
    {
        var routeDictionary = new RouteValueDictionary(routeValues);
        var attributeDictionary = new RouteValueDictionary(htmlAttributes);
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeDictionary, attributeDictionary);
    }

    /// <summary>Link to an action on the current controller, with route values and HTML attributes given as dictionaries.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, htmlAttributes);
    }

    /// <summary>Link to an action on the named controller, with route values and HTML attributes given as objects.</summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes)
    {
        var routeDictionary = new RouteValueDictionary(routeValues);
        var attributeDictionary = new RouteValueDictionary(htmlAttributes);
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, routeDictionary, attributeDictionary);
    }

    /// <summary>
    /// The overload every other one forwards to: returns the normal ActionLink markup when the
    /// role check passes and an empty string otherwise.
    /// </summary>
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        // UserInRole() is the author's placeholder for the application's own role check.
        if (!UserInRole())
        {
            return MvcHtmlString.Empty;
        }

        return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
    }
}
并在视图中使用它:
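@* With four arguments the third is bound as routeValues, not as the controller name; passing null for
   routeValues selects the overload that takes the controller name. *@
@Html.ActionLinkAuthorized("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })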
方式二:
您可以修改自定义属性的代码,使其重定向到一个提示用户无权查看此页面的页面:
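/// <summary>
/// Sends callers that fail the role check to the configured forms-authentication URL,
/// carrying the originally requested path in a returnUrl query parameter.
/// </summary>
/// <remarks>
/// NOTE(review): this check lives in an action filter. A subclass of AuthorizeAttribute that overrides
/// HandleUnauthorizedRequest is the usual place for it, because authorization filters run before
/// action filters.
/// </remarks>
public class AuthorizationAttribute : ActionFilterAttribute
{
    /// <summary>Runs before the action; lets it proceed only when the caller is allowed.</summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // AllowedToAccess() is the author's placeholder for the application's own role check.
        if (AllowedToAccess())
        {
            // Authorized: continue with the normal pipeline.
            base.OnActionExecuting(filterContext);
            return;
        }

        // Encode the requested path so a '?' or '&' in it cannot alter the redirect's query string.
        string requestedPath = filterContext.HttpContext.Request.Url.PathAndQuery;
        string redirectUrl = string.Format("?returnUrl={0}", System.Web.HttpUtility.UrlEncode(requestedPath));

        // Setting Result short-circuits the action without ending the response from inside the filter.
        // The page that later follows returnUrl should accept it only when Url.IsLocalUrl(returnUrl) is true.
        filterContext.Result = new RedirectResult(FormsAuthentication.LoginUrl + redirectUrl);
    }
}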
并在 Web.Config 中为该操作设置 url,当用户不在角色中时将调用该操作:
<!-- loginUrl is the value FormsAuthentication.LoginUrl returns, so the filter's redirect lands on ~/UnAuthorized.
     NOTE(review): visitors who are not signed in are presumably sent to the same page, so it needs a way to sign in.
     timeout is in minutes (2880 = 48 hours); confirm that this ticket lifetime is intended. -->
<authentication mode="Forms">
<forms loginUrl="~/UnAuthorized" timeout="2880" />
</authentication>
您可以使用 razor 检查当前用户是否在指定角色中。这只影响页面上的显示,被禁用的链接仍可被直接请求,因此 Edit 操作上的 [CustomAuthorize] 仍然必须保留:
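@* Presentation only: the Edit action must keep its own role check, because the URL can be requested directly. *@
@if (User.IsInRole("AddCOA"))
{
    @* Passing null for routeValues selects the overload whose third argument is the controller name. *@
    @Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success" })
}
else
{
    @* The CSS class is "disabled" (the original "disbled" matched nothing). It only styles the anchor;
       the href is still rendered. *@
    @Html.ActionLink("Edit", "Edit", "Controller", null, new { @class = "btn btn-success disabled" })
}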