asp.net-mvc – “安全感知”动作链接?

前端之家收集整理的这篇文章主要介绍了asp.net-mvc – “安全感知”动作链接?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
如何创建一个“安全感知”操作链接来检测用户是否有权点击(调用)操作?
如果用户不允许使用该操作,请隐藏链接

取决于

> web.config(授权)和
> [Authorize]属性操作

PS
我想在MVC中混合这两个是不好的做法?

解决方法

这是从MvcSitemap项目中偷取的一些代码,并修改为我自己的使用。如果我记得这个代码已被修改为MVC2,并且某些功能可能必须被重新移植到MVC1。

将MVC和FormsAuthentication混合在一起的不错的做法,MVC的默认身份验证方法围绕现有的Asp.net安全基础架构构建。

确定用户是否具有权限的代码

public static class SecurityTrimmingExtensions 
{

    public static bool HasActionPermission( this HtmlHelper htmlHelper,string actionName,string controllerName )
    {
        //if the controller name is empty the ASP.NET convention is:
        //"we are linking to a different controller
        ControllerBase controllerToLinkTo = string.IsNullOrEmpty(controllerName) 
                                                ? htmlHelper.ViewContext.Controller
                                                : GetControllerByName(htmlHelper,controllerName);

        var controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext,controllerToLinkTo);

        var controllerDescriptor = new ReflectedControllerDescriptor(controllerToLinkTo.GetType());

        var actionDescriptor = controllerDescriptor.FindAction(controllerContext,actionName);

        return ActionIsAuthorized(controllerContext,actionDescriptor);
    }


    private static bool ActionIsAuthorized(ControllerContext controllerContext,ActionDescriptor actionDescriptor)
    {
        if (actionDescriptor == null)
            return false; // action does not exist so say yes - should we authorise this?!

        AuthorizationContext authContext = new AuthorizationContext(controllerContext);

        // run each auth filter until on fails
        // performance could be improved by some caching
        foreach (IAuthorizationFilter authFilter in actionDescriptor.GetFilters().AuthorizationFilters)
        {
            authFilter.OnAuthorization(authContext);

            if (authContext.Result != null)
                return false;
        }

        return true;
    }

    private static ControllerBase GetControllerByName(HtmlHelper helper,string controllerName)
    {
        // Instantiate the controller and call Execute
        IControllerFactory factory = ControllerBuilder.Current.GetControllerFactory();

        IController controller = factory.CreateController(helper.ViewContext.RequestContext,controllerName);

        if (controller == null)
        {
            throw new InvalidOperationException(

                String.Format(
                    CultureInfo.CurrentUICulture,"Controller factory {0} controller {1} returned null",factory.GetType(),controllerName));

        }

        return (ControllerBase)controller;
    }

}

Html助手

public static class SecurityTrimmedLink
{
    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper,string linkName,string actionName)
    {
        return htmlHelper.HasActionPermission(actionName,"")
                   ? htmlHelper.ActionLink(linkName,actionName)
                   : MvcHtmlString.Create("");
    }        

    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper,RouteValueDictionary routeValueDictionary )
    {
        return htmlHelper.HasActionPermission(actionName,actionName,routeValueDictionary)
                   : MvcHtmlString.Create("");
    }

    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper,object routeValues,object htmlAttributes )
    {
        return htmlHelper.HasActionPermission(actionName,routeValues,htmlAttributes)
                   : MvcHtmlString.Create("");
    }

    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper,string controllerName)
    {
        return htmlHelper.HasActionPermission(actionName,controllerName)
                   ? htmlHelper.ActionLink(linkName,controllerName)
                   : MvcHtmlString.Create("");
    }

    public static MvcHtmlString SecurityTrimmedActionLink(this HtmlHelper htmlHelper,string controllerName,object htmlAttributes)
    {
        return htmlHelper.HasActionPermission(actionName,controllerName,htmlAttributes)
                   : MvcHtmlString.Create("");
    }
}

警告:这不会在MVC 5中工作,因为调用FindAction()不会返回一个动作描述符

我试图找到这个问题,不能完成编程工作。

猜你在找的asp.Net相关文章