一种方法是为角色创建自己的表.在这种情况下,您将只使用Asp网络会员用户,但这一切都取决于您的要求.

其次你必须在MVC中处理它.在我看来,最好的方法是通过你自己的自定义Authorization属性来实现它,并用你的自定义授权属性而不是[Authorization]属性来装饰你的控制器的动作.

它非常简单.

[CustomAuthorize]
//[Authorize]
public ActionResult GetProjectTasks(string projectname)
{

}

为此,您必须使用FilterAttribute固有您的类,并且还必须实现IAuthorizationFilter接口.

public void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpCookie authCookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

        if (authCookie != null)
        {
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var identity = new GenericIdentity(authTicket.Name,"Forms");
            var principal = new GenericPrincipal(identity,new string[] { authTicket.UserData });
            filterContext.HttpContext.User = principal;
        }

        var controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        var action = filterContext.ActionDescriptor.ActionName;
        var user = filterContext.HttpContext.User;
        var ip = filterContext.HttpContext.Request.UserHostAddress;

        var isAccessAllowed = CustomAuthenticationLogic.IsAccessAllowed(controller,action,user,ip);
        if (!isAccessAllowed)
        {
            // Code if user is authenticated
            FormsAuthentication.RedirectToLoginPage();
        }            
    }

在OnAuthorization方法中,您可以获得自定义授权逻辑中可能需要的所有信息,如HttpContext,Controller name,Action name.您必须从此方法调用自定义身份验证逻辑.
您的自定义身份验证逻辑可能如下所示.

public class CustomAuthenticationLogic
{
    public static bool IsAccessAllowed(string controller,string action,IPrincipal user,string ip)
    {
        //
        // Your custom logic here              
        //              
    }
}