本文介绍了MVC授权属性否认的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用了授权()属性,以确保我的控制器/行动,并希望只显示登录行动,未授权的用户 - 或者换一种说法,拒绝访问身份验证的用户。
我一直没能找到网络处理要么拒绝许可或允许负权限(即!的loggedIn)
这是什么可有人请点我朝着正确的方向?
MVC2,.NET 4中
编辑::要clairfy,我想是这样的:
公共类PublicController
继承ControllerBase <授权()> 只有登录用户可以注销
公共职能退出()为的ActionResult
返回查看()
结束功能 这里的东西,表明唯一的非授权用户查看这个动作
公共功能登录()为的ActionResult
返回查看()
结束功能末级
解决方案
难道是像这样简单:
公共类DenyAttribute:AuthorizeAttribute
{
保护覆盖布尔AuthorizeCore(HttpContextBase的HttpContext)
{
返回base.AuthorizeCore(HttpContext的)!;
}
}
I'm using the Authorize() attribute to secure my controllers/actions and want to only display the Login action to unauthenticated users - or to put it another way, deny access to authenticated users.
I haven't been able to find anything on the web dealing with either denying permission or allowing negative permissions (ie !LoggedIn)
Can someone please point me in the right direction?
MVC2, .Net 4
EDIT: To clairfy, I want something like this:
Public Class PublicController
Inherits ControllerBase
<Authorize()> 'Only logged-in users can logout
Public Function Logout() as ActionResult
Return View()
End Function
'Something here to indicate that only NON-authorized users should see this action
Public Function Login() as ActionResult
Return View()
End Function
End Class
解决方案
Could it be as simple as this:
public class DenyAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return !base.AuthorizeCore(httpContext);
}
}
这篇关于MVC授权属性否认的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!