本文介绍了MVC授权属性否认的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用了授权()属性,以确保我的控制器/行动,并希望只显示登录行动,未授权的用户 - 或者换一种说法,拒绝访问身份验证的用户。

我一直没能找到网络处理要么拒绝许可或允许负权限(即!的loggedIn)

这是什么

可有人请点我朝着正确的方向?

MVC2,.NET 4中

编辑::要clairfy,我想是这样的:

 公共类PublicController
    继承ControllerBase    <授权()> 只有登录用户可以注销
    公共职能退出()为的ActionResult
        返回查看()
    结束功能    这里的东西,表明唯一的非授权用户查看这个动作
    公共功能登录()为的ActionResult
        返回查看()
    结束功能末级


解决方案

难道是像这样简单:

 公共类DenyAttribute:AuthorizeAttribute
{
    保护覆盖布尔AuthorizeCore(HttpContextBase的HttpContext)
    {
        返回base.AuthorizeCore(HttpContext的)!;
    }
}

I'm using the Authorize() attribute to secure my controllers/actions and want to only display the Login action to unauthenticated users - or to put it another way, deny access to authenticated users.

I haven't been able to find anything on the web dealing with either denying permission or allowing negative permissions (ie !LoggedIn)

Can someone please point me in the right direction?

MVC2, .Net 4

EDIT: To clairfy, I want something like this:

Public Class PublicController
    Inherits ControllerBase

    <Authorize()> 'Only logged-in users can logout
    Public Function Logout() as ActionResult
        Return View()
    End Function

    'Something here to indicate that only NON-authorized users should see this action
    Public Function Login() as ActionResult
        Return View()
    End Function

End Class
解决方案

Could it be as simple as this:

public class DenyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return !base.AuthorizeCore(httpContext);
    }
}

这篇关于MVC授权属性否认的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-22 22:26
查看更多