我正在看MVC账户控制器,似乎来自于ASP.NET Webforms.有没有什么好的背景信息如何使用它?
您可以将其映射到用户数据库表,还是更好地滚动您自己的用户管理?
如何在MVC中使用它来限制登录用户可以查看的页面?你必须自己滚动所有这些吗?
网络上的哪些资源可以帮助您了解ASP.NET会员资格?
解决方法
I’m looking at the MVC account
controller…. it seems to be from
asp.net?
Scott Guthrie在他关于ASP.NET MVC Preview 4的博客条目中解释得很好.他基本上说MVC示例中的Account Controller使用ASP.NET成员资格提供者,因此可以使用其中的任何一个. (我想你可以在互联网上找到关于ASP.NET会员提供商的更多信息.)如果您不想实现/使用其中之一,修改应用程序以使用您自己的用户管理可能是最佳选择.
How do you make use of it in MVC to
restrict what pages a logged in user
can view? Do you have to roll all of
that on your own?
您可以将Authorize属性添加到控制器类或操作方法. (同上source)
// Only logged in users can access this controller.
[Authorize]
public class SomeController : Controller
{
#region Not really important for this example. :]
// Maybe rather use a BLL service here instead of the repository from the DAL,but this example is already more verbose than required.
private IStuffRepository stuffRepository;
public SomeController(IStuffRepository stuffRepository)
{
if (null == stuffRepository)
{
throw new ArgumentNullException("stuffRepository");
}
this.stuffRepository = stuffRepository;
}
#endregion
// The authorize attribute is inherited - only logged in users can use the index action.
public ActionResult Index()
{
return View();
}
// Moderators can flag stuff.
[Authorize(Roles="Moderator")]
public ActionResult Flag(int id)
{
this.stuffRepository.Flag(id);
return RedirectToAction("Index");
}
// Admins ans SysOps can delete stuff.
[Authorize(Roles="Admin,SysOp")]
public ActionResult Delete(int id)
{
this.stuffRepository.Delete(id);
return RedirectToAction("Index");
}
// Only joed can change the objects stuff. ;)
// (This is probably bullshit,of course,but I could not make any better example. I blame the fact it is late at night. :))
[Authorize(Users="COMPANY\\joed")]
public ActionResult ChangeId(int oldId,int newId)
{
this.stuffRepository.ChangeId(oldId,newId);
return RedirectToAction("Index");
}
}
