问题描述

我使用了授权（）属性，以确保我的控制器/行动，并希望只显示登录行动，未授权的用户 - 或者换一种说法，拒绝访问身份验证的用户。

我一直没能找到网络处理要么拒绝许可或允许负权限（即！的loggedIn）

可有人请点我朝着正确的方向？

MVC2，.NET 4中

编辑：：要clairfy，我想是这样的：

 公共类PublicController
    继承ControllerBase    ＆LT;授权（）＆GT; 只有登录用户可以注销
    公共职能退出（）为的ActionResult
        返回查看（）
    结束功能    这里的东西，表明唯一的非授权用户查看这个动作
    公共功能登录（）为的ActionResult
        返回查看（）
    结束功能末级
 

难道是像这样简单：

 公共类DenyAttribute：AuthorizeAttribute
{
    保护覆盖布尔AuthorizeCore（HttpContextBase的HttpContext）
    {
        返回base.AuthorizeCore（HttpContext的）！;
    }
}
 

I'm using the Authorize() attribute to secure my controllers/actions and want to only display the Login action to unauthenticated users - or to put it another way, deny access to authenticated users.

I haven't been able to find anything on the web dealing with either denying permission or allowing negative permissions (ie !LoggedIn)

Can someone please point me in the right direction?

MVC2, .Net 4

EDIT: To clairfy, I want something like this:

Public Class PublicController
    Inherits ControllerBase

    <Authorize()> 'Only logged-in users can logout
    Public Function Logout() as ActionResult
        Return View()
    End Function

    'Something here to indicate that only NON-authorized users should see this action
    Public Function Login() as ActionResult
        Return View()
    End Function

End Class

Could it be as simple as this:

public class DenyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return !base.AuthorizeCore(httpContext);
    }
}

这篇关于MVC授权属性否认的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！