zoukankan      html  css  js  c++  java

  • Security » Authorization » 基于视图的授权

    • View Based Authorization 基于视图的授权

      44 of 46 people found this helpful

      Often a developer will want to show, hide or otherwise modify a UI based on the current user identity. You can access the authorization service within MVC views via dependency injection. To inject the authorization service into a Razor view use the @inject directive, for example @inject IAuthorizationService AuthorizationService. If you want the authorization service in every view then place the @inject directive into the _ViewImports.cshtml file in the Views directory. For more information on dependency injection into views see Dependency injection into views.

    • 开发者经常需要根据当前用户的身份来确定是否展示、隐藏或者是否修改一个页面。你可以通过依赖注入在MVC的视图中使用授权服务。要将授权服务注入Razor视图就要使用@inject 命令,例如@inject IAuthorizationService AuthorizationService。 如果想在左右视图中使用授权服务,就把@inject 命令放置于Views目录内的_ViewImports.cshtml文件中。 更多的依赖注入到视图的信息,请参看Dependency injection into views

    • Once you have injected the authorization service you use it by calling the AuthorizeAsync method in exactly the same way as you would check during resource based authorization.

    • 一旦将授权服务注入后,就可通过调用AuthorizeAsync 方法来使用了,就和resource based authorization(基于资源的授权)中进行的检查一模一样。

      @if (await AuthorizationService.AuthorizeAsync(User, "PolicyName"))
{
    <p>This paragraph is displayed because you fulfilled PolicyName.</p>
}

      In some cases the resource will be your view model, and you can call AuthorizeAsync in exactly the same way as you would check during resource based authorization;

    • 在某些情况下,资源就是你的视图模型,可通过与resource based authorization(基于资源的授权)中一样的方法来调用AuthorizeAsync

      @if (await AuthorizationService.AuthorizeAsync(User, Model, Operations.Edit))
{
    <p><a class="btn btn-default" role="button"
        href="@Url.Action("Edit", "Document", new { id = Model.Id })">Edit</a></p>
}

    • Here you can see the model is passed as the resource authorization should take into consideration.

    • 在这里,您可以看到该模型被作为资源授权而传递了。

      Warning 注意

      Do not rely on showing or hiding parts of your UI as your only authorization method. Hiding a UI element does not mean a user cannot access it. You must also authorize the user within your controller code.

      不要依赖于显示或隐藏你的用户界面的部分作为你唯一的授权方法。隐藏一个用户界面元素并不意味着用户无法访问它。您还必须授权您的控制器代码中的用户。

       

      原文链接
  • 相关阅读:
    python总结4
    python中if __name__ == '__main__': 的解析
    matlab学习1
    phpstorm xdebug环境搭建
    uniapp 直播跳转小程序组件
    vue中异步函数async和await的用法
    TFS 2010安装配置(Advance)失败记录
    WIN2003 SMTP Service issue
    WIN2003 ftp server权限设置
    Discuz 7.2 SC UTF8设置
  • 原文地址:https://www.cnblogs.com/jqdy/p/5995737.html
Copyright © 2011-2022 走看看