Authorization based on assigned permission functions

Als*_*oob 11 c# sql-server asp.net-mvc web-applications

I have three tables, dbo.PermissionFunc, dbo.Roles and dbo.Permissions, for my asp.net MVC web application.

dbo.PermissionFunc contains all the function names in the project. dbo.Roles contains the user roles, such as admin, user, subuser, etc. dbo.Permissions contains RolesId from dbo.Roles and PermissionFuncId from dbo.PermissionFunc. I want to do authorization according to the values assigned in dbo.Permission.

The figure shows the permissions assigned to the roles.

Update to the question: using a query to determine whether the current user has the permission

```csharp
// Decrypt the Forms Authentication cookie to get the user's mail (the ticket Name),
// look the user up, then look for a dbo.Permissions row linking the user's role
// to the permission function.
string mail = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
var usr = _user.GetUserByMail(mail);
var permFunc = _permissionfunc.FindByName("ActionResultName");
// usr.Usr_Role_ID is the RoleId and permFunc.PermFunc_ID is the PermissionFunc id
var permission = _permission.checkIfPermitted(Convert.ToInt64(usr.Usr_Role_ID), permFunc.PermFunc_ID);
if (permission != null)
{
    // Permission granted
}
else
{
    // Permission rejected
}
```

Thanks in advance.

ASp*_*rin 5

You can create a custom AuthorizationAttribute with the logic that checks the roles and permissions in it, and use it on the actions that require it.

You can also use MVC filters with your implementation of IAuthorizationFilter to filter every request. Register it in your FilterConfig:

```csharp
filters.Add(new MyAuthorizationAttribute());
```


Als*_*oob 1

The answer that works for the above question is here:

Authorization controller

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

#region CustomAuthorizationAttribute
public class CustomAuthorizationAttribute : AuthorizeAttribute
{
    private PermissionRepository _permission = new PermissionRepository();
    private PermissionFuncRepository _permissionFun = new PermissionFuncRepository();

    private string _permissionName;

    // Name of the dbo.PermissionFunc row that the decorated action requires
    public string IdentityRoles
    {
        get { return _permissionName ?? String.Empty; }
        set { _permissionName = value; }
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Do the base class AuthorizeCore first (authenticated, plus Users/Roles if they are set)
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // The ticket Name is written at login as "mail|roleId"; take the role id part.
        // Deny when the cookie is missing or the name does not have that shape.
        var authCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
        {
            return false;
        }
        string[] nameParts = FormsAuthentication.Decrypt(authCookie.Value).Name.Split('|');
        if (nameParts.Length < 2)
        {
            return false;
        }
        string RoleID = nameParts[1];

        var permisionID = _permissionFun.FindByName(_permissionName);
        if (permisionID != null)
        {
            // Granted only if a dbo.Permissions row links this role to this function
            var permis = _permission.GetPermission()
                .Where(a => a.Perm_PermFuncID == permisionID.PermFunc_ID && a.Perm_RollID.ToString() == RoleID)
                .FirstOrDefault();
            if (permis != null)
            {
                return true;
            }
        }
        return false;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // If the user is not logged in, use the default HandleUnauthorizedRequest and redirect to the login page
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
        else
        {
            // Logged in but without the right for this page: show the access denied page
            filterContext.Result = new RedirectResult("~/Home/AccessDenied");
        }
    }
}
#endregion
```

For each action in the controller, I apply the authorization as follows:

```csharp
[CustomAuthorization(IdentityRoles = "AdjustmentsView")]
public ActionResult AdjustmentIndex()
{
    var adjlist = _Adj.GetAdjustmentHead();
    // Configure the AutoMapper mapping once, not once per item inside the loop
    Mapper.Initialize(cfg => cfg.CreateMap<AdjustmentHead, AdjustmentHeadViewModel>());
    List<AdjustmentHeadViewModel> adjustlist = new List<AdjustmentHeadViewModel>();
    foreach (var item in adjlist)
    {
        AdjustmentHeadViewModel entity = Mapper.Map<AdjustmentHead, AdjustmentHeadViewModel>(item);
        adjustlist.Add(entity);
    }
    return View(adjustlist);
}
```
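As an added example (not part of the original question or of either answer), here is the same permission-function check done without decrypting and splitting the cookie by hand: the role id is written into the ticket's UserData at login, read back through the FormsIdentity that FormsAuthenticationModule has already validated, and checked with one parameterised query against the three tables. The attribute name RequirePermission, the PermissionStore and LoginHelper helpers, the column names RoleId, PermFuncId and Name, and the "AppDb" connection string name are assumptions made for illustration, not identifiers from the page.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical hardened attribute. Assumes the Forms ticket's UserData holds the
// numeric role id (see LoginHelper below) and the assumed column names in PermissionStore.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public sealed class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly string _permissionName;

    public RequirePermissionAttribute(string permissionName)
    {
        if (string.IsNullOrWhiteSpace(permissionName))
            throw new ArgumentException("A permission function name is required.", "permissionName");
        _permissionName = permissionName;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authenticated (plus Users/Roles if they were set on the attribute)
        if (!base.AuthorizeCore(httpContext)) return false;

        // The module already decrypted and validated the ticket; no need to touch the cookie
        var identity = httpContext.User.Identity as FormsIdentity;
        long roleId;
        if (identity == null || !long.TryParse(identity.Ticket.UserData, out roleId))
            return false; // deny by default on a missing or malformed role id

        return PermissionStore.IsPermitted(roleId, _permissionName);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext); // 401, redirected to the login page
            return;
        }
        // Logged in but not permitted: answer 403 instead of bouncing back to login
        filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
    }
}

public static class PermissionStore
{
    // One parameterised query; assumed columns: Permissions(RoleId, PermFuncId), PermissionFunc(PermFuncId, Name)
    public static bool IsPermitted(long roleId, string permissionName)
    {
        const string sql = @"SELECT TOP 1 1
FROM dbo.Permissions p
JOIN dbo.PermissionFunc f ON f.PermFuncId = p.PermFuncId
WHERE p.RoleId = @roleId AND f.Name = @name";
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString; // assumed name
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@roleId", SqlDbType.BigInt).Value = roleId;
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 128).Value = permissionName;
            conn.Open();
            return cmd.ExecuteScalar() != null; // a row exists only if the role has the function
        }
    }
}

// Login side: put the role id in UserData so the attribute never parses Name.
public static class LoginHelper
{
    public static HttpCookie CreateAuthCookie(string mail, long roleId, bool persistent)
    {
        var ticket = new FormsAuthenticationTicket(
            1, mail, DateTime.Now, DateTime.Now.AddMinutes(30), persistent, roleId.ToString());
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                       // keep the ticket away from script
        cookie.Secure = FormsAuthentication.RequireSSL; // follow the requireSSL setting
        return cookie;
    }
}

// Usage on an action (hypothetical controller):
// [RequirePermission("AdjustmentsView")]
// public ActionResult AdjustmentIndex() { ... }
```

Two caveats with this design: the role id lives in the ticket, so a role change on the server only takes effect after the user signs in again (re-issue the cookie, or look the role up per request, if that matters to you); and because the check hits the database on every decorated request, cache the permission set per role if the tables grow large, but never cache the decision in the output cache without the validation callback that the base AuthorizeAttribute already installs.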