现有数据库模型(简化):
在创建身份时,可以为其分配一个或多个由受信任方发布的声明。是一个名称值对,它表示主体是什么,而不是主体可以做什么。
将AccessItems存储为UserClaims似乎不是一个好主意,
例如:
但从另一方面来说,我想不出另一种方法。
在搜索了很多次之后,我想不出如何在ASP.NET身份中使用角色或声明来表示这个模型。
为什么?
ASP.NET身份对我来说似乎很美好,我现在正试图更好地理解它。
很抱歉,如果我不能清楚地表达我的问题,请告诉我任何疑问。
发布于 2018-05-29 07:10:51
我认为你在正确的轨道上。我有很多表示这样的用户角色的经验,我个人的偏好(我主要处理大型企业项目)是使用ASP.NET身份进行身份验证,并使用自定义代码处理访问控制。
对于较小的项目,我相信您可以像我在下面所做的那样自定义IsUserInRole方法。
public class CustomRoleProvider : RoleProvider
{
/// <summary>
/// Gets a list of roles assigned to a particular User
/// </summary>
/// <param name="UserID">ID of the User</param>
/// <param name="context">DbContext</param>
/// <returns></returns>
public static List<string> GetUserRoles(int UserID, UserContext context)
{
return context.UserList
.Where(s => s.UserID == UserID)
.SelectMany(s => s.AccessGroup.GroupRoles)
.Select(gr => gr.RoleID.ToString()).ToList();
}
/// <summary>
/// Gets a list of roles assigned to a particular user
/// </summary>
/// <param name="username">username of the user [or "" for current user]</param>
/// <param name="context">DbContext</param>
/// <returns></returns>
public static List<string> GetUserRoles(string username, UserContext context)
{
return context.UserList
.Where(s => s.Username == username)
.SelectMany(s => s.AccessGroup.GroupRoles)
.Select(gr => gr.RoleID.ToString()).ToList();
}
//roleName = RoleId; so that only the IDs are stored in session...
public override bool IsUserInRole(string username, string roleName)
{
return GetUserRoles(username, new UserContext()).Contains<string>(roleName);
}
public override string[] GetRolesForUser(string username)
{
return GetUserRoles(username, new UserContext()).ToArray();
}
public override string[] GetAllRoles()
{
return new UserContext().UserRoleList.Select(r => r.RoleID.ToString()).ToArray();
}
public override bool RoleExists(string roleName)
{
return new UserContext().UserRoleList.Where(r => r.RoleID.ToString().Equals(roleName)).Count() > 0;
}
public override string ApplicationName
{
get { return "Your Application Name"; }
set { }
}
public override string[] GetUsersInRole(string roleName)
{
throw new System.NotImplementedException();
}
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
throw new System.NotImplementedException();
}
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
throw new System.NotImplementedException();
}
public override void CreateRole(string roleName)
{
throw new System.NotImplementedException();
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
throw new System.NotImplementedException();
}
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
throw new System.NotImplementedException();
}
}
https://stackoverflow.com/questions/50572056
复制相似问题