1. Validation Management
Reference: Recognize 5 types of AuthorizationFilter for ASP.
The ASP.NET MVC framework already provides an AOP-based validation mechanism and its basic components; the one to focus on is FilterAttribute.
1.1. New Validation Attribute
Basic idea: run the parent class's validation logic first, then verify whether the current user's role has access rights. MVC already ships a permission validation implementation, AuthorizeAttribute; we only need to inherit from that class, override the appropriate methods, and add custom validation logic.
Note: Users and roles named in the Roles and Users properties are not checked for access rights.
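    using System.Linq;
    using System.Web;
    using System.Web.Mvc;

    public class IdentityAuthorizeAttribute : AuthorizeAttribute
    {
        // Key under which the authorization context is kept in HttpContext.Items.
        // MVC 3 and later cache filter instances and reuse them across requests,
        // so per-request state must not be stored in an instance field.
        private static readonly object FilterContextKey = new object();

        #region Overriding parent class methods
        /// <summary>
        /// Overrides the authorization validation method
        /// </summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            filterContext.HttpContext.Items[FilterContextKey] = filterContext;
            base.OnAuthorization(filterContext);
        }

        /// <summary>
        /// Overrides the core validation method
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Take the validation result of the parent class
            var result = base.AuthorizeCore(httpContext);
            // If that validation did not pass, call the access validation logic
            if (!result)
            {
                var filterContext = httpContext.Items[FilterContextKey] as AuthorizationContext;
                // No context for this request: deny
                return filterContext != null && HasPermission(filterContext);
            }
            return result;
        }
        #endregion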
Fetch the request information through ActionDescriptor and verify that the logged-on user has the permission.
        /// <summary>
        /// Whether the current request has access rights
        /// </summary>
        /// <param name="filterContext"></param>
        /// <returns></returns>
        private bool HasPermission(AuthorizationContext filterContext)
        {
            // Get the current user's permissions
            var rolePermissions = GetUserPermissions(filterContext.HttpContext);
            // Permission for the action being accessed
            var action = new ApplicationPermission
            {
                Action = filterContext.ActionDescriptor.ActionName,
                Controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                Description = ActionPermissionService.GetDescription(filterContext.ActionDescriptor)
            };
            // Is it authorized?
            return rolePermissions.Contains(action, new ApplicationPermissionEqualityComparer());
        }
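The decision that AuthorizeCore and HasPermission make together, pulled out of the MVC pipeline so it can be run and tested on its own (an added example, not code from the original article). SamplePermission, SamplePermissionComparer and AuthorizationDecision are hypothetical stand-ins; matching on controller and action case-insensitively is an assumption, since the article does not show ApplicationPermissionEqualityComparer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the article's ApplicationPermission (shape assumed).
public sealed class SamplePermission
{
    public string Controller { get; set; }
    public string Action { get; set; }
}

// Hypothetical comparer: a permission is identified by controller + action.
// MVC matches route values case-insensitively, so this comparison does too.
public sealed class SamplePermissionComparer : IEqualityComparer<SamplePermission>
{
    private static readonly StringComparer Cmp = StringComparer.OrdinalIgnoreCase;

    public bool Equals(SamplePermission x, SamplePermission y)
    {
        if (ReferenceEquals(x, y)) return true;
        if (x == null || y == null) return false;
        return Cmp.Equals(x.Controller, y.Controller) && Cmp.Equals(x.Action, y.Action);
    }

    public int GetHashCode(SamplePermission p)
    {
        return p == null ? 0 : Cmp.GetHashCode(p.Controller ?? "") ^ Cmp.GetHashCode(p.Action ?? "");
    }
}

public static class AuthorizationDecision
{
    // Mirrors AuthorizeCore: a pass from the Roles/Users check wins; otherwise
    // the user's permission set decides. A missing set denies (fail closed).
    public static bool IsAuthorized(bool parentResult,
        IEnumerable<SamplePermission> granted, SamplePermission requested)
    {
        if (parentResult) return true;
        if (granted == null || requested == null) return false;
        return granted.Contains(requested, new SamplePermissionComparer());
    }

    public static void Main()
    {
        // Constructed sample data: one granted permission, two requests.
        var granted = new[] { new SamplePermission { Controller = "Order", Action = "Index" } };
        var index = new SamplePermission { Controller = "order", Action = "index" };
        var delete = new SamplePermission { Controller = "Order", Action = "Delete" };
        Console.WriteLine(string.Join(", ", IsAuthorized(false, granted, index),
            IsAuthorized(false, granted, delete), IsAuthorized(true, null, delete),
            IsAuthorized(false, null, index)));
    }
}
```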
1.2. Apply the Validation Attribute
Adding this attribute to a controller or an action enables permission validation. For convenience, the IdentityAuthorize attribute is added to BaseController, and the other controllers inherit from that class. The administrator role in the example is not checked for permissions.
    [IdentityAuthorize(Roles = "admin")]
    public abstract class BaseController : Controller
ASP.NET Identity Role-rights Management 7