Mvc5+ef6 Getting Started full tutorial 12--flexible control of action permissions

Source: Internet
Author: User

Original: Mvc5+ef6 Getting Started complete tutorial 12--flexible control of action permissions

Everyone has been waiting.

This topic focuses on the permissions scheme in MVC.

Permission control is a problem that every system must solve and is one of the most discussed topics in the garden.

In the previous series we used the Sysuser, Sysrole, Sysuserrole, which are examples of the sample tables.

Based on this, we complete the core functions of RBAC (role-based control).

Given my best practice here, the end result is that for any action or controller, you can control access based on the role you configure.

Once you have completed this core feature, you can extend common functionality in two ways:

1. Ability to control permissions based on the organization/user/role's set

2. Based on this core function, the dynamic configuration of the menu is realized.

This article will first complete the core function, the extension part of the content in the subsequent article again.

article outline
    • Overview Highlights
    • Theoretical basis
    • Detailed steps
    • Summarize
Overview Essentials (knowledge points)

First, MVC form authentication identity basis

Typical usage Examples:

1. Web. config à system.web configuration section, open form authentication

2. Add filtering on a control or action that requires authentication, such as restricting only Scott can access


There are two other common forms, namely:

The logged-on user can access

[Authorize]

Users with Admin role can access

[Authorize (Roles = "Admin")]

Filter conditions can be added to the action or the entire controller.

Second, MVC permission filter extension

It is obvious that there are two drawbacks in the above solution:

1. Modify the permissions in the action, controller on the modified after the need to recompile, inflexible.

2. Role in the filter is a built-in object that cannot be filtered by roles without using the integrated permissions scheme of ASP.

To solve these two problems, you just need to extend the class Authorizeattribute.

Theoretical Basis

To enable the use of custom role control permissions, we need to extend or bypass the membership and role provider frameworks of ASP.

1. Extension: Implementation of custom Membership/role provider

2. Bypass: Do not use directly

We choose to bypass the way, so the words are more flexible.

(because if your character structure is inconsistent with the system, it's more cumbersome to use an extended approach.)

We use the form certification of the three core API, using only these APIs can reduce the workload, but also with the Membership/role provider to remain independent, fish and bear cake both.

1. Formsauthentication.setauthcookie

After the user logs in, specify the user name

2. request.isauthenticated

return true after login

3. HttpContext.Current.User.Identity.Name

Returns the user name of the login

The complete process of permission filtering:

1. Authetication (login)

After the login is successful, call Formsauthentication.setauthcookie to set a user name.

2. Authorization (Authorization)

New Custom Authorization Attribute class: Customauthorizeattribute (inherited from Authorizeatrribute), Extended rights filter

3. Similar to the default authorize attribute usage, additional custom authorize attribute to controller or action to implement permission filtering

Detailed Steps

Here are the implementation steps.

first, enable form authentication, complete login/exit basic function

1. Enable form authentication

Web. config à system.web configuration section, enabling form authentication

2. Complete login/exit basic function

New Controller:accountcontroller

Login function:

Exit function

Corresponding view (please view the source file directly)

Second, prepare the permissions configuration file.

1. Basic data used: User, role and user/role relationship

2. Permission relationship for role and action

Here we first use an XML instead, and the subsequent final project will be unified into the DB when it is finished.

New Folder config, new actionroles file, configuring Action/role correspondence

Description

When action is not configured, access is granted by default;

The Action configuration role is empty and has access rights.

iii. expansion of Authorizeattribute

1. New class Customauthorizeattribute, inheritance and Authorizeattribute

Override two methods:

A. Called when authorization is requested:

B. Provide an entry point for custom authorization checks, via True

Specific implementation:

The implementation of the getactionroles used above:

Summary

At this point, the entire process of permission control is OK, let's test it.

New HomeController, new action to do test (Index, About,contact)

Review the underlying data.

Scott role is General Users

The XML configuration is:

We add [customauthorize] to the whole homecontroller.

Examples of usage scenarios:

1. Index is configured to be empty and accessible to anyone

2. About configuration as manager, Administrators, General Users can access

Skip to login interface when not logged in

3. Contact configuration for administrators can access

Scott's role is General Users, not in the permissions table, login not in this page

Additional notes:

For example, you can set the global.

This allows you to apply a custom filter to all actions without requiring a single setting.

Welcome all comments and support, wish to learn progress:)

Ps.

In addition, the Company research and Development Department recruitment Engineer 2 (R language Direction &. NET development direction), the main research and development data visualization related new products, interested can blog Park short message contact me.

Base in Suzhou high-tech Zone

Full Catalog:

      • Mvc5+ef6 Getting Started complete tutorial 12--flexible control of action permissions @20160504
      • Mvc5+ef6 Getting Started complete tutorial 11--the application of storage mode in MVC @20150914
      • Mvc5+ef6 Getting Started complete tutorial 10: Many-to-many association table updates & using native sql@20150521
      • Mvc5+ef6 Getting Started complete Tutorial 9: Multi-table Data loading @20150212
      • Mvc5+ef6 Getting Started complete tutorial 8: Database structure upgrade without data loss @20141215
      • Mvc5+ef6 Getting Started complete tutorial 7: Sorting Filtering paging @20141201
      • Mvc5+ef6 Getting Started complete Tutorial 6: Partial View @20141117
      • Mvc5+ef6 Getting Started complete tutorial 5:ui some makeover @20141113
      • Mvc5+ef6 Getting Started complete tutorial 4:ef basic crud @20141104
      • Mvc5+ef6 Getting Started complete tutorial 3:ef complete development process @20141027
      • Mvc5+ef6 Getting Started complete Tutorial 2: The front-end UI begins @20141021
      • Mvc5+ef6 Getting Started complete Tutorial 1: Starting from 0

Mvc5+ef6 Getting Started full tutorial 12--flexible control of action permissions

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.