An ASP. NET core MVC permissions control code example that controls operation permissions in a View details

This article focuses on ASP. NET core MVC Permissions control: Control operation permissions in the view. Have a good reference value, follow the small series together to see it

The permission validation framework is provided in ASP. In the previous article, how to configure the rights control, the permissions are configured, the authorization logic will be executed automatically, but in some cases, we may need to in the code or view by hand to determine the permissions, We will now introduce the specific method of operation.

If in the Controller method you want to determine whether the current user has a permission, you can directly use the HttpContext.User.HasClaim (String cliamtype,string cliamvalue) method to judge, the method returns the bool type, Returns true to indicate that there is a permission, otherwise does not have.

In the view we often need to control a button or hyperlink permissions, with the permission button is displayed, otherwise unrealistic. How can we achieve this effect? Methods are described below:

1, use HttpContext.User.HasClaim (String cliamtype,string cliamvalue) to determine permissions directly in the view, and then control whether the button is displayed

@if (HttpContext.User.HasClaim ("User", "delete") {<input type= ' button ' value= "delete"/>}

The above code is written in the view, indicating that the Delete button is displayed if a user's delete permission is present. This way, for example, in all areas where verification is required, it is written in this format.

2, with the help of the new features of ASP. Taghelper can simplify the first way, as to what is Taghelper, and its role here is no longer introduced, you can Baidu or Google search, here directly describes how to customize the rights to verify the Taghelper.

<a asp-claim= "Goods,edit" asp-action= "Addgoods" asp-route-id= "@goods. Id "class=" Btn-icon "title=" edit "><i class=" Icon-common-edit icon-pencil "></i></a>

The above code is our final effect, indicating that this hyperlink is displayed when the user has claim (type=goods,value=edit) permission, and we will show you how to implement this taghelper.

1) First we define a class that derives from the Taghelper class and adds the claim property definition and adds ViewContext

Class Claimtaghelper:taghelper{private const string claimattributename = "Asp-claim";    Public Claimtaghelper ()    {    }    [Htmlattributename (claimattributename)] public    string Claim {get; set;}}

2) Our permission control Taghelper only applies to button,a,input elements, all of which we need to add htmltargetelement features, the code is as follows:

[Htmltargetelement ("a", Attributes = claimattributename)]  [Htmltargetelement ("button", Attributes = claimattributename)]  [Htmltargetelement ("input", Attributes = claimattributename, tagstructure = Tagstructure.withoutendtag)]  public class claimtaghelper:taghelper{...}

3) Rewrite the Taghelper process method and use HttpContext.User.HasClaim in the method to determine the permissions. Access to HttpContext in the view must be aided by the ViewContext object, so we need to add viewcontext references to the current Taghelper class, with the following code:

public class claimtaghelper:taghelper{..... [Htmlattributenotbound]    [ViewContext]    Public ViewContext ViewContext {get; set;} ...}

The basic conditions are available, and then the process is implemented, directly on the code:

public override void Process (Taghelpercontext context, taghelperoutput output)    {      if (string. IsNullOrEmpty (Claim))      {        return;      }      string[] Claimdata = Claim.split (new char[] {'-'}, stringsplitoptions.removeemptyentries);      if (claimdata.length = = 1)      {        if (! ViewContext.HttpContext.User.HasClaim (m = M.type = = claimdata[0]))        {          //no permission          output. Suppressoutput ();        }      }      else      {        if (! ViewContext.HttpContext.User.HasClaim (m = M.type = = Claimdata[0] && M.value = = claimdata[1]))        {          No permission          output. Suppressoutput ();}}}      

Here is the introduction, thank you, if there are shortcomings, welcome to the guidance of everyone.

The above is the detailed description of the code example of ASP. NET core MVC permissions control in the view control operation permissions, and more about topic.alibabacloud.com (www.php.cn)!

