Building CustomAuthorization in ASP.NET MVC

Bip*_*Bip 0 asp.net asp.net-mvc authorization custom-attributes c#-4.0

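In the DB I have Role and User entities with a one-to-many relationship.

What I want to do is build a custom authorization filter. All the tutorials I have seen use the default ASP.NET membership. What I know is that I need to inherit from AuthorizationAttribute, but I don't know which methods I need to override or how to implement them.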

public class UserAuth : AuthorizeAttribute
{

}

DB:

Role

public class Role
{
    [Key]
    public int RoleID { get; set; }

    [Required]
    public int RolenameValue { get; set; }

    [MaxLength(100)]
    public string Description { get; set; }

    // // // // //

    public Rolename Rolename 
    {
        get { return (ProjectName.Domain.Enums.Rolename)RolenameValue; }
        set { RolenameValue = (int)value; }
    }

    public virtual ICollection<User> Users { get; set; }
}

User

public class User
{
    [Key]
    public int UserID { get; set; }

    [Required]
    [MaxLength(30)]
    public string Username { get; set; }

    [Required]
    [MinLength(5)]
    public string Password { get; set; }

    [Required]
    [DataType(DataType.EmailAddress)]
    public string Email { get; set; }

    [MaxLength(30)]
    public string FirstName { get; set; }

    [MaxLength(50)]
    public string LastName { get; set; }

    [DataType(DataType.Date)]
    public DateTime Birthdate { get; set; }

    public int GenderValue { get; set; }

    // // // // // // //

    public Gender Gender
    {
        get { return (ProjectName.Domain.Enums.Gender)GenderValue; }
        set { GenderValue = (int)value; }
    }

    public int RoleID { get; set; }

    [ForeignKey("RoleID")]
    public Role Role { get; set; }
}

Jak*_*cki 6

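You don't need to create a custom attribute. You can use the existing AuthorizeAttribute, but what you should do is implement a custom Principal class that uses your own roles from the DB. In your Principal class you will implement the IsInRole method: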

public bool IsInRole(string role)
{
    if(this.Roles == null)
        this.Roles = DependencyResolver.Current
           .GetService<ISecurityService>()
           .GetUserPermissions(this.Identity.Name);

    return this.Roles.Any(p => p.Name == role);
}

You should set your custom Principal in Global.asax:

void OnPostAuthenticateRequest(object sender, EventArgs e)
{
    // Get a reference to the current User
    IPrincipal user = HttpContext.Current.User;

    // If we are dealing with an authenticated forms authentication request
    if (user.Identity.IsAuthenticated && user.Identity.AuthenticationType == "Forms")
    {
        // Create custom Principal
        var principal = new MyCustomPrincipal(user.Identity);

        // Attach the Principal to HttpContext.User and Thread.CurrentPrincipal
        HttpContext.Current.User = principal;
        System.Threading.Thread.CurrentPrincipal = principal;
    }
}