如何创建一个“安全感知”操作链接来检测用户是否有权点击(调用)操作?
如果用户不允许使用该操作,请隐藏链接…
如果用户不允许使用该操作,请隐藏链接…
取决于
> web.config(授权)和
> 操作上的[Authorize]属性
PS
我想在MVC中混合这两个是不好的做法?
解决方法
这是从MvcSitemap项目中偷取的一些代码,并按我自己的需要做了修改。如果我没记错,这段代码已针对MVC2做过修改,其中某些功能可能需要向后移植到MVC1。
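将MVC与FormsAuthentication混合使用并不是坏做法:MVC的默认身份验证方法是围绕现有的ASP.NET安全基础架构构建的。需要注意的是,下面的代码只评估操作描述符返回的授权过滤器(例如[Authorize]属性),不会读取web.config中的<authorization>规则;而且隐藏链接只是界面上的处理,真正的访问控制仍然必须由操作本身的授权过滤器来执行。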
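/// <summary>
/// Helpers for "security trimming" a view: deciding whether a link to an MVC action
/// should be rendered for the current request.
/// </summary>
/// <remarks>
/// This is a presentation aid, not an access control. Hiding a link does not stop a
/// direct request to the action, so the action must still carry its own authorization
/// filter. Only the authorization filters returned by
/// <c>ActionDescriptor.GetFilters()</c> are evaluated here; <c>&lt;authorization&gt;</c>
/// rules in web.config are not consulted by this code.
/// </remarks>
public static class SecurityTrimmingExtensions
{
    /// <summary>
    /// Reports whether every authorization filter on the named action lets the current
    /// request through.
    /// </summary>
    /// <param name="htmlHelper">Helper of the view being rendered; supplies the request context.</param>
    /// <param name="actionName">Name of the action the link would point at.</param>
    /// <param name="controllerName">
    /// Name of the target controller. Null or empty means the controller that is
    /// rendering the current view.
    /// </param>
    /// <returns>
    /// <c>true</c> when no authorization filter produced a result; <c>false</c> when a
    /// filter rejected the request or the action could not be found.
    /// </returns>
    /// <exception cref="InvalidOperationException">
    /// The controller factory returned null for <paramref name="controllerName"/>.
    /// </exception>
    public static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
    {
        // An empty controller name follows the ASP.NET MVC convention: the link targets
        // an action on the controller that is handling the current request.
        if (string.IsNullOrEmpty(controllerName))
        {
            return ControllerActionIsAuthorized(htmlHelper, htmlHelper.ViewContext.Controller, actionName);
        }

        IControllerFactory factory = ControllerBuilder.Current.GetControllerFactory();
        IController created = GetControllerByName(factory, htmlHelper, controllerName);
        try
        {
            return ControllerActionIsAuthorized(htmlHelper, (ControllerBase)created, actionName);
        }
        finally
        {
            // The controller was created only for this check; hand it back to the
            // factory so it is not left undisposed on every rendered link.
            factory.ReleaseController(created);
        }
    }

    // Looks up the action on the given controller and runs its authorization filters.
    private static bool ControllerActionIsAuthorized(HtmlHelper htmlHelper, ControllerBase controllerToLinkTo, string actionName)
    {
        var controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerToLinkTo);
        var controllerDescriptor = new ReflectedControllerDescriptor(controllerToLinkTo.GetType());
        var actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);

        return ActionIsAuthorized(controllerContext, actionDescriptor);
    }

    // Runs each authorization filter of the action until one of them sets a result.
    private static bool ActionIsAuthorized(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
    {
        // The action does not exist (FindAction returned null): fail closed, so the
        // link is hidden rather than shown for something that cannot be checked.
        if (actionDescriptor == null)
        {
            return false;
        }

        // NOTE(review): later MVC versions offer a constructor that also takes the
        // ActionDescriptor; filters that read it would see null here - confirm which
        // overload fits the MVC version in use.
        AuthorizationContext authContext = new AuthorizationContext(controllerContext);

        // The filters run against the current request's context, so any side effect a
        // filter has happens on the page being rendered. Results are not cached, so
        // each rendered link pays for a full filter run.
        foreach (IAuthorizationFilter authFilter in actionDescriptor.GetFilters().AuthorizationFilters)
        {
            authFilter.OnAuthorization(authContext);

            // A filter that sets a result has rejected (or redirected) the request.
            if (authContext.Result != null)
            {
                return false;
            }
        }

        return true;
    }

    // Asks the given factory for the named controller; the caller releases it.
    private static IController GetControllerByName(IControllerFactory factory, HtmlHelper helper, string controllerName)
    {
        IController controller = factory.CreateController(helper.ViewContext.RequestContext, controllerName);

        if (controller == null)
        {
            throw new InvalidOperationException(
                String.Format(
                    CultureInfo.CurrentUICulture,
                    "Controller factory {0} controller {1} returned null",
                    factory.GetType(),
                    controllerName));
        }

        return controller;
    }
}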
Html助手
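/// <summary>
/// <c>ActionLink</c> variants that render nothing when <c>HasActionPermission</c>
/// reports that the current request would be rejected by the target action.
/// </summary>
/// <remarks>
/// An empty result only removes the link from the page. The target action must still
/// enforce authorization itself, because the URL can be requested directly.
/// Each overload mirrors the <c>HtmlHelper.ActionLink</c> overload with the same
/// trailing parameters.
/// </remarks>
public static class SecurityTrimmedLink
{
    /// <summary>Links to an action on the current controller.</summary>
    /// <param name="htmlHelper">Helper of the view being rendered.</param>
    /// <param name="linkName">Text shown for the link.</param>
    /// <param name="actionName">Name of the target action.</param>
    /// <returns>The anchor markup, or an empty string when the action is not permitted.</returns>
    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper, string linkName, string actionName)
    {
        // An empty controller name makes the permission check use the current controller.
        return htmlHelper.HasActionPermission(actionName, "")
            ? htmlHelper.ActionLink(linkName, actionName)
            : MvcHtmlString.Create("");
    }

    /// <summary>Links to an action on the current controller, with route values.</summary>
    /// <param name="htmlHelper">Helper of the view being rendered.</param>
    /// <param name="linkName">Text shown for the link.</param>
    /// <param name="actionName">Name of the target action.</param>
    /// <param name="routeValueDictionary">Route values passed through to <c>ActionLink</c>.</param>
    /// <returns>The anchor markup, or an empty string when the action is not permitted.</returns>
    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper, string linkName, string actionName, RouteValueDictionary routeValueDictionary)
    {
        return htmlHelper.HasActionPermission(actionName, "")
            ? htmlHelper.ActionLink(linkName, actionName, routeValueDictionary)
            : MvcHtmlString.Create("");
    }

    /// <summary>Links to an action on the current controller, with route values and HTML attributes.</summary>
    /// <param name="htmlHelper">Helper of the view being rendered.</param>
    /// <param name="linkName">Text shown for the link.</param>
    /// <param name="actionName">Name of the target action.</param>
    /// <param name="routeValues">Route values passed through to <c>ActionLink</c>.</param>
    /// <param name="htmlAttributes">HTML attributes passed through to <c>ActionLink</c>.</param>
    /// <returns>The anchor markup, or an empty string when the action is not permitted.</returns>
    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper, string linkName, string actionName, object routeValues, object htmlAttributes)
    {
        return htmlHelper.HasActionPermission(actionName, "")
            ? htmlHelper.ActionLink(linkName, actionName, routeValues, htmlAttributes)
            : MvcHtmlString.Create("");
    }

    /// <summary>Links to an action on a named controller.</summary>
    /// <param name="htmlHelper">Helper of the view being rendered.</param>
    /// <param name="linkName">Text shown for the link.</param>
    /// <param name="actionName">Name of the target action.</param>
    /// <param name="controllerName">Name of the target controller.</param>
    /// <returns>The anchor markup, or an empty string when the action is not permitted.</returns>
    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper, string linkName, string actionName, string controllerName)
    {
        return htmlHelper.HasActionPermission(actionName, controllerName)
            ? htmlHelper.ActionLink(linkName, actionName, controllerName)
            : MvcHtmlString.Create("");
    }

    /// <summary>Links to an action on a named controller, with route values and HTML attributes.</summary>
    /// <param name="htmlHelper">Helper of the view being rendered.</param>
    /// <param name="linkName">Text shown for the link.</param>
    /// <param name="actionName">Name of the target action.</param>
    /// <param name="controllerName">Name of the target controller.</param>
    /// <param name="routeValues">Route values passed through to <c>ActionLink</c>.</param>
    /// <param name="htmlAttributes">HTML attributes passed through to <c>ActionLink</c>.</param>
    /// <returns>The anchor markup, or an empty string when the action is not permitted.</returns>
    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper, string linkName, string actionName, string controllerName, object routeValues, object htmlAttributes)
    {
        return htmlHelper.HasActionPermission(actionName, controllerName)
            ? htmlHelper.ActionLink(linkName, actionName, controllerName, routeValues, htmlAttributes)
            : MvcHtmlString.Create("");
    }
}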
警告:这不会在MVC 5中工作,因为调用FindAction()不会返回一个动作描述符
我试图找到这个问题,不能完成编程工作。