在ASP.NET MVC5中建置以角色为基础的授权机制

在前一篇贴文中，已探索过如何在MVC5中自定ASP.NET Identity，接下来要来试试在MVC5中如何运用 ASP.NET Identity来设定一个以 "角色"为基础的授权机制。为了方便起见，简化了这个认证机制的内容，同时假设这是一个公司内部使用的应用程序，所以拿掉了"注册"的功能，所有的使用账 号管理都必须透过某一管理权限(Admin)的使用者来进行，也就是说只有具备有 Admin 角色的使用者可以执行”账户管理"的功能。

贴文内容:

建立MVC5新项目

修改相关 Mdels

扩展Identity Management Mdel 

 加入新字段

 建立Helper Class

扩展Accunt Management ViewMdels (AccuntViewMdels.cs)

 在RegisterViewMdel加入新字段 及 GetUser methd

 新增 EditUserViewMdel、SelectUserRlesViewMdel、SelectRleEditrViewMdel

修改相关 Cntrllers

修改AccuntCntrller 中 Register Methd 加入 Authrize attribute

加入 Index Methd (ActinResult)

加入 Edit Methd (ActinResult)

加入 Delete Methd (ActinResult)

加入 UserRles Methd (ActinResult)

修改相关 Views

修改Register.cshtml View 

新增Edit、Delete、Index 等方法的Views

新增UserRles.cshtml View 并 新增程序代码

新增 SelectRleEditrViewMdel.cshtml 在 Shared/EditrTemplates目录下

在主页面上新增”账号管理" 功能按钮

移除主页面上的注册功能

启动 Migratin功能

在Seed()方法中加入建立测试数据的程序代码

更新数据库

执行结果

 

建立MVC5新项目

 

 

修改相关 Models

 

1. 扩展Identity Management Model (IdentityModels.cs)

 

加入新字段：为使用者数据多加三个属性字段，分别是FirstName、LastName、Email。

 

 

建立Helper Class：利用Asp.Net Identity API建立一个 Identity Management Helper class: IdentityManager class，包含有建立角色、建立使用者...等功能。
 

 

IdentityModels.cs 完整程序

view sourceprint?

01.using Microsoft.AspNet.Identity;

02.using Microsoft.AspNet.Identity.EntityFramework;

03.using System.Collections.Generic;

04.using System.ComponentModel.DataAnnotations;

05. 

06.namespace RoleBaseProject.Models

07.{

08.// You can add profile data for the user by adding more properties to your ApplicationUser class, please visit http://go.microsoft.com/fwlink/?LinkID=317594 to learn more.

09.public class ApplicationUser : IdentityUser

10.{

11.[Required]

12.public string FirstName { get; set; }

13. 

14.[Required]

15.public string LastName { get; set; }

16.[Required]

17.public string Email { get; set; }

18.}

19. 

20.public class ApplicationDbContext : IdentityDbContext<ApplicationUser>

21.{

22.public ApplicationDbContext()

23.: base("DefaultConnection")

24.{

25.}

26.}

27. 

28.public class IdentityManager

29.{

30.// 判断角色是否已在存在

31.public bool RoleExists(string name)

32.{

33.var rm = new RoleManager<IdentityRole>(

34.new RoleStore<IdentityRole>(new ApplicationDbContext()));

35.return rm.RoleExists(name);

36.}

37.// 新增角色

38.public bool CreateRole(string name)

39.{

40.var rm = new RoleManager<IdentityRole>(

41.new RoleStore<IdentityRole>(new ApplicationDbContext()));

42.var idResult = rm.Create(new IdentityRole(name));

43.return idResult.Succeeded;

44.}

45.// 新增角色

46.public bool CreateUser(ApplicationUser user, string pass<a href="http://www.it165.net/edu/ebg/" target="_blank" class="keylink">word</a>)

47.{

48.var um = new UserManager<ApplicationUser>(

49.new UserStore<ApplicationUser>(new ApplicationDbContext()));

50.var idResult = um.Create(user, pass<a href="http://www.it165.net/edu/ebg/" target="_blank" class="keylink">word</a>);

51.return idResult.Succeeded;

52.}

53.// 将使用者加入角色中

54.public bool AddUserToRole(string userId, string roleName)

55.{

56.var um = new UserManager<ApplicationUser>(

57.new UserStore<ApplicationUser>(new ApplicationDbContext()));

58.var idResult = um.AddToRole(userId, roleName);

59.return idResult.Succeeded;

60.}

61.// 清除使用者的角色设定

62.public void ClearUserRoles(string userId)

63.{

64.var um = new UserManager<ApplicationUser>(

65.new UserStore<ApplicationUser>(new ApplicationDbContext()));

66.var user = um.FindById(userId);

67.var currentRoles = new List<IdentityUserRole>();

68.currentRoles.AddRange(user.Roles);

69.foreach(var role in currentRoles)

70.{

71.um.RemoveFromRole(userId, role.Role.Name);

72.}

73.}

74.}

75.}

2. 扩展Account Management ViewModels (AccountViewModels.cs)

 

在RegisterViewModel加入新字段 及 GetUser method

 

 

 

针对要新增的"账号管理"功能新增三个ViewModel，分别是: EditUserViewModel、SelectUserRolesViewModel、SelectRoleEditorViewModel

 

AccountViewModels.cs 完整程序

view sourceprint?

001.using Microsoft.AspNet.Identity.EntityFramework;

002.using System.Collections.Generic;

003.using System.ComponentModel.DataAnnotations;

004. 

005.namespace RoleBaseProject.Models

006.{

007.public class ExternalLoginConfirmationViewModel

008.{

009.[Required]

010.[Display(Name = "使用者名称")]

011.public string UserName { get; set; }

012.}

013. 

014.public class ManageUserViewModel

015.{

016.[Required]

017.[DataType(DataType.Password)]

018.[Display(Name = "目前密码")]

019.public string OldPassword { get; set; }

020. 

021.[Required]

022.[StringLength(100, ErrorMessage = "{0} 的长度至少必须为 {2} 个字符。", MinimumLength = 6)]

023.[DataType(DataType.Password)]

024.[Display(Name = "新密码")]

025.public string NewPassword { get; set; }

026. 

027.[DataType(DataType.Password)]

028.[Display(Name = "确认新密码")]

029.[Compare("NewPassword", ErrorMessage = "新密码与确认密码不相符。")]

030.public string ConfirmPassword { get; set; }

031.}

032. 

033.public class LoginViewModel

034.{

035.[Required]

036.[Display(Name = "使用者名称")]

037.public string UserName { get; set; }

038. 

039.[Required]

040.[DataType(DataType.Password)]

041.[Display(Name = "密码")]

042.public string Password { get; set; }

043. 

044.[Display(Name = "记住我?")]

045.public bool RememberMe { get; set; }

046.}

047. 

048.public class RegisterViewModel

049.{

050.[Required]

051.[Display(Name = "使用者名称")]

052.public string UserName { get; set; }

053. 

054.[Required]

055.[StringLength(100, ErrorMessage = "{0} 的长度至少必须为 {2} 个字符。", MinimumLength = 6)]

056.[DataType(DataType.Password)]

057.[Display(Name = "密码")]

058.public string Password { get; set; }

059. 

060.[DataType(DataType.Password)]

061.[Display(Name = "确认密码")]

062.[Compare("Password", ErrorMessage = "密码和确认密码不相符。")]

063.public string ConfirmPassword { get; set; }

064. 

065.[Required]

066.[Display(Name = "First Name")]

067.public string FirstName { get; set; }

068. 

069.[Required]

070.[Display(Name = "Last Name")]

071.public string LastName { get; set; }

072. 

073.[Required]

074.[Display(Name = "电子邮件信箱")]

075.public string Email { get; set; }

076. 

077.public ApplicationUser GetUser()

078.{

079.var user = new ApplicationUser()

080.{

081.UserName = this.UserName,

082.FirstName = this.FirstName,

083.LastName = this.LastName,

084.Email = this.Email,

085.};

086.return user;

087.}

088.}

089. 

090.public class EditUserViewModel

091.{

092.public EditUserViewModel() { }

093. 

094.// Allow Initialization with an instance of ApplicationUser:

095.public EditUserViewModel(ApplicationUser user)

096.{

097.this.UserName = user.UserName;

098.this.FirstName = user.FirstName;

099.this.LastName = user.LastName;

100.this.Email = user.Email;

101.}

102. 

103.[Required]

104.[Display(Name = "使用者账号")]

105.public string UserName { get; set; }

106. 

107.[Required]

108.[Display(Name = "名")]

109.public string FirstName { get; set; }

110. 

111.[Required]

112.[Display(Name = "姓")]

113.public string LastName { get; set; }

114. 

115.[Required]

116.[Display(Name = "电子邮件信箱")]

117.public string Email { get; set; }

118.}

119. 

120.public class SelectUserRolesViewModel

121.{

122.public SelectUserRolesViewModel()

123.{

124.this.Roles = new List<SelectRoleEditorViewModel>();

125.}

126. 

127.// Enable initialization with an instance of ApplicationUser:

128.public SelectUserRolesViewModel(ApplicationUser user)

129.: this()

130.{

131.this.UserName = user.UserName;

132.this.FirstName = user.FirstName;

133.this.LastName = user.LastName;

134. 

135.var Db = new ApplicationDbContext();

136. 

137.// Add all available roles to the list of EditorViewModels:

138.var allRoles = Db.Roles;

139.foreach (var role in allRoles)

140.{

141.// An EditorViewModel will be used by Editor Template:

142.var rvm = new SelectRoleEditorViewModel(role);

143.this.Roles.Add(rvm);

144.}

145. 

146.// Set the Selected property to true for those roles for

147.// which the current user is a member:

148.foreach (var userRole in user.Roles)

149.{

150.var checkUserRole =

151.this.Roles.Find(r => r.RoleName == userRole.Role.Name);

152.checkUserRole.Selected = true;

153.}

154.}

155. 

156.public string UserName { get; set; }

157.public string FirstName { get; set; }

158.public string LastName { get; set; }

159.public List<SelectRoleEditorViewModel> Roles { get; set; }

160.}

161. 

162.// Used to display a single role with a checkbox, within a list structure:

163.public class SelectRoleEditorViewModel

164.{

165.public SelectRoleEditorViewModel() { }

166.public SelectRoleEditorViewModel(IdentityRole role)

167.{

168.this.RoleName = role.Name;

169.}

170. 

171.public bool Selected { get; set; }

172. 

173.[Required]

174.public string RoleName { get; set; }

175.}

176. 

177.}

修改相关 Controllers

 

修改AccountController 中 Register Method 加入 Authorize attribute

 

 

 

必须具有Admin 角色者才能执行。

 

加入 Index Method (ActionResult)

view sourceprint?

01.[Authorize(Roles = "Admin")]

02.public ActionResult Index()

03.{

04.var Db = new ApplicationDbContext();

05.var users = Db.Users;

06.var model = new List<EditUserViewModel>();

07.foreach(var user in users)

08.{

09.var u = new EditUserViewModel(user);

10.model.Add(u);

11.}

12.return View(model);

13.}

加入 Edit Method (ActionResult)


 

view sourceprint?

01.//

02.// GEG: /Account/Edit

03.[Authorize(Roles = "Admin")]

04.public ActionResult Edit(string id , ManageMessageId? Message = null)

05.{

06.var Db = new ApplicationDbContext();

07.var user = Db.Users.First(u => u.UserName == id);

08.var model = new EditUserViewModel(user);

09.ViewBag.MessageId = Message;

10.return View(model);

11.}

12.//

13.// POST: /Account/Edit

14.[HttpPost]

15.[Authorize(Roles = "Admin")]

16.[ValidateAntiForgeryToken]

17.public async Task<ActionResult> Edit(EditUserViewModel model)

18.{

19.if (ModelState.IsValid)

20.{

21.var Db = new ApplicationDbContext();

22.var user = Db.Users.First(u => u.UserName == model.UserName);

23.user.FirstName = model.FirstName;

24.user.LastName = model.LastName;

25.user.Email = model.Email;

26.Db.Entry(user).State = System.Data.Entity.EntityState.Modified;

27.await Db.SaveChangesAsync();

28.return RedirectToAction("Index");

29.}

30.return View(model);

31.}

加入 Delete Method (ActionResult)


 

view sourceprint?

01.//

02.// GEG: /Account/Delete

03.[Authorize(Roles="Admin")]

04.public ActionResult Delete(string id = null)

05.{

06.var Db = new ApplicationDbContext();

07.var user = Db.Users.First(u => u.UserName == id);

08.var model = new EditUserViewModel(user);

09.return View(model);

10.}

11.//

12.// POST: /Account/Delete

13.[HttpPost, ActionName("Delete")]

14.[Authorize(Roles = "Admin")]

15.[ValidateAntiForgeryToken]

16.public ActionResult DeleteConfirmed(string id)

17.{

18.var Db = new ApplicationDbContext();

19.var user = Db.Users.First(u => u.UserName == id);

20.Db.Users.Remove(user);

21.Db.SaveChanges();

22.return RedirectToAction("Index");

23.}

加入 UserRoles Method (ActionResult)
 

view sourceprint?

01.//

02.// GEG: /Account/UserRoles

03.[Authorize(Roles = "Admin")]

04.public ActionResult UserRoles(string id)

05.{

06.var Db = new ApplicationDbContext();

07.var user = Db.Users.First(u => u.UserName == id);

08.var model = new SelectUserRolesViewModel(user);

09.return View(model);

10.}

11. 

12.//

13.// POST: /Account/UserRoles

14.[HttpPost]

15.[Authorize(Roles = "Admin")]

16.[ValidateAntiForgeryToken]

17.public ActionResult UserRoles(SelectUserRolesViewModel model)

18.{

19.if (ModelState.IsValid)

20.{

21.var idManager = new IdentityManager();

22.var Db = new ApplicationDbContext();

23.var user = Db.Users.First(u => u.UserName == model.UserName);

24.idManager.ClearUserRoles(user.Id);

25.foreach (var role in model.Roles)

26.{

27.if (role.Selected)

28.{

29.idManager.AddUserToRole(user.Id, role.RoleName);

30.}

31.}

32.return RedirectToAction("index");

33.}

34.return View();

35.}

AccountController.cs 完整程序


 

view sourceprint?

001.using System;

002.using System.Collections.Generic;

003.using System.Linq;

004.using System.Security.Claims;

005.using System.Threading.Tasks;

006.using System.Web;

007.using System.Web.Mvc;

008.using Microsoft.AspNet.Identity;

009.using Microsoft.AspNet.Identity.EntityFramework;

010.using Microsoft.Owin.Security;

011.using RoleBaseProject.Models;

012. 

013.namespace RoleBaseProject.Controllers

014.{

015.[Authorize]

016.public class AccountController : Controller

017.{

018.public AccountController()

019.: this(new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext())))

020.{

021.}

022. 

023.public AccountController(UserManager<ApplicationUser> userManager)

024.{

025.UserManager = userManager;

026.}

027. 

028.public UserManager<ApplicationUser> UserManager { get; private set; }

029. 

030.//

031.// GET: /Account/Login

032.[AllowAnonymous]

033.public ActionResult Login(string returnUrl)

034.{

035.ViewBag.ReturnUrl = returnUrl;

036.return View();

037.}

038. 

039.//

040.// POST: /Account/Login

041.[HttpPost]

042.[AllowAnonymous]

043.[ValidateAntiForgeryToken]

044.public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)

045.{

046.if (ModelState.IsValid)

047.{

048.var user = await UserManager.FindAsync(model.UserName, model.Password);

049.if (user != null)

050.{

051.await SignInAsync(user, model.RememberMe);

052.return RedirectToLocal(returnUrl);

053.}

054.else

055.{

056.ModelState.AddModelError("", "Invalid username or password.");

057.}

058.}

059. 

060.// 如果执行到这里，发生某项失败，则重新显示窗体

061.return View(model);

062.}

063. 

064.//

065.// GET: /Account/Register

066.[Authorize(Roles="Admin")]

067.public ActionResult Register()

068.{

069.return View();

070.}

071. 

072.//

073.// POST: /Account/Register

074.[HttpPost]

075.[Authorize(Roles = "Admin")]

076.[ValidateAntiForgeryToken]

077.public async Task<ActionResult> Register(RegisterViewModel model)

078.{

079.if (ModelState.IsValid)

080.{

081.var user = new ApplicationUser() {

082.UserName = model.UserName,

083.FirstName = model.FirstName,

084.LastName = model.LastName,

085.Email = model.Email,

086.};

087.var result = await UserManager.CreateAsync(user, model.Password);

088.if (result.Succeeded)

089.{

090.await SignInAsync(user, isPersistent: false);

091.return RedirectToAction("Index", "Home");

092.}

093.else

094.{

095.AddErrors(result);

096.}

097.}

098. 

099.// 如果执行到这里，发生某项失败，则重新显示窗体

100.return View(model);

101.}

102. 

103.//

104.// GEG: /Account/Index

105.[Authorize(Roles = "Admin")]

106.public ActionResult Index()

107.{

108.var Db = new ApplicationDbContext();

109.var users = Db.Users;

110.var model = new List<EditUserViewModel>();

111.foreach(var user in users)

112.{

113.var u = new EditUserViewModel(user);

114.model.Add(u);

115.}

116.return View(model);

117.}

118. 

119.//

120.// GEG: /Account/Edit

121.[Authorize(Roles = "Admin")]

122.public ActionResult Edit(string id , ManageMessageId? Message = null)

123.{

124.var Db = new ApplicationDbContext();

125.var user = Db.Users.First(u => u.UserName == id);

126.var model = new EditUserViewModel(user);

127.ViewBag.MessageId = Message;

128.return View(model);

129.}

130.//

131.// POST: /Account/Edit

132.[HttpPost]

133.[Authorize(Roles = "Admin")]

134.[ValidateAntiForgeryToken]

135.public async Task<ActionResult> Edit(EditUserViewModel model)

136.{

137.if (ModelState.IsValid)

138.{

139.var Db = new ApplicationDbContext();

140.var user = Db.Users.First(u => u.UserName == model.UserName);

141.user.FirstName = model.FirstName;

142.user.LastName = model.LastName;

143.user.Email = model.Email;

144.Db.Entry(user).State = System.Data.Entity.EntityState.Modified;

145.await Db.SaveChangesAsync();

146.return RedirectToAction("Index");

147.}

148.return View(model);

149.}

150. 

151.//

152.// GEG: /Account/Delete

153.[Authorize(Roles="Admin")]

154.public ActionResult Delete(string id = null)

155.{

156.var Db = new ApplicationDbContext();

157.var user = Db.Users.First(u => u.UserName == id);

158.var model = new EditUserViewModel(user);

159.return View(model);

160.}

161.//

162.// POST: /Account/Delete

163.[HttpPost, ActionName("Delete")]

164.[Authorize(Roles = "Admin")]

165.[ValidateAntiForgeryToken]

166.public ActionResult DeleteConfirmed(string id)

167.{

168.var Db = new ApplicationDbContext();

169.var user = Db.Users.First(u => u.UserName == id);

170.Db.Users.Remove(user);

171.Db.SaveChanges();

172.return RedirectToAction("Index");

173.}

174.//

175.// GEG: /Account/UserRoles

176.[Authorize(Roles = "Admin")]

177.public ActionResult UserRoles(string id)

178.{

179.var Db = new ApplicationDbContext();

180.var user = Db.Users.First(u => u.UserName == id);

181.var model = new SelectUserRolesViewModel(user);

182.return View(model);

183.}

184. 

185.//

186.// POST: /Account/UserRoles

187.[HttpPost]

188.[Authorize(Roles = "Admin")]

189.[ValidateAntiForgeryToken]

190.public ActionResult UserRoles(SelectUserRolesViewModel model)

191.{

192.if (ModelState.IsValid)

193.{

194.var idManager = new IdentityManager();

195.var Db = new ApplicationDbContext();

196.var user = Db.Users.First(u => u.UserName == model.UserName);

197.idManager.ClearUserRoles(user.Id);

198.foreach (var role in model.Roles)

199.{

200.if (role.Selected)

201.{

202.idManager.AddUserToRole(user.Id, role.RoleName);

203.}

204.}

205.return RedirectToAction("index");

206.}

207.return View();

208.}

209. 

210.//

211.// POST: /Account/Disassociate

212.[HttpPost]

213.[ValidateAntiForgeryToken]

214.public async Task<ActionResult> Disassociate(string loginProvider, string providerKey)

215.{

216.ManageMessageId? message = null;

217.IdentityResult result = await UserManager.RemoveLoginAsync(User.Identity.GetUserId(), new UserLoginInfo(loginProvider, providerKey));

218.if (result.Succeeded)

219.{

220.message = ManageMessageId.RemoveLoginSuccess;

221.}

222.else

223.{

224.message = ManageMessageId.Error;

225.}

226.return RedirectToAction("Manage", new { Message = message });

227.}

228. 

229.//

230.// GET: /Account/Manage

231.public ActionResult Manage(ManageMessageId? message)

232.{

233.ViewBag.StatusMessage =

234.message == ManageMessageId.ChangePasswordSuccess ? "您的密码已变更。"

235.: message == ManageMessageId.SetPasswordSuccess ? "已设定您的密码。"

236.: message == ManageMessageId.RemoveLoginSuccess ? "已移除外部登入。"

237.: message == ManageMessageId.Error ? "发生错误。"

238.: "";

239.ViewBag.HasLocalPassword = HasPassword();

240.ViewBag.ReturnUrl = Url.Action("Manage");

241.return View();

242.}

243. 

244.//

245.// POST: /Account/Manage

246.[HttpPost]

247.[ValidateAntiForgeryToken]

248.public async Task<ActionResult> Manage(ManageUserViewModel model)

249.{

250.bool hasPassword = HasPassword();

251.ViewBag.HasLocalPassword = hasPassword;

252.ViewBag.ReturnUrl = Url.Action("Manage");

253.if (hasPassword)

254.{

255.if (ModelState.IsValid)

256.{

257.IdentityResult result = await UserManager.ChangePasswordAsync(User.Identity.GetUserId(), model.OldPassword, model.NewPassword);

258.if (result.Succeeded)

259.{

260.return RedirectToAction("Manage", new { Message = ManageMessageId.ChangePasswordSuccess });

261.}

262.else

263.{

264.AddErrors(result);

265.}

266.}

267.}

268.else

269.{

270.// User does not have a password so remove any validation errors caused by a missing OldPassword field

271.ModelState state = ModelState["OldPassword"];

272.if (state != null)

273.{

274.state.Errors.Clear();

275.}

276. 

277.if (ModelState.IsValid)

278.{

279.IdentityResult result = await UserManager.AddPasswordAsync(User.Identity.GetUserId(), model.NewPassword);

280.if (result.Succeeded)

281.{

282.return RedirectToAction("Manage", new { Message = ManageMessageId.SetPasswordSuccess });

283.}

284.else

285.{

286.AddErrors(result);

287.}

288.}

289.}

290. 

291.// 如果执行到这里，发生某项失败，则重新显示窗体

292.return View(model);

293.}

294. 

295.//

296.// POST: /Account/ExternalLogin

297.[HttpPost]

298.[AllowAnonymous]

299.[ValidateAntiForgeryToken]

300.public ActionResult ExternalLogin(string provider, string returnUrl)

301.{

302.// 要求重新导向至外部登入提供者

303.return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }));

304.}

305. 

306.//

307.// GET: /Account/ExternalLoginCallback

308.[AllowAnonymous]

309.public async Task<ActionResult> ExternalLoginCallback(string returnUrl)

310.{

311.var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();

312.if (loginInfo == null)

313.{

314.return RedirectToAction("Login");

315.}

316. 

317.// Sign in the user with this external login provider if the user already has a login

318.var user = await UserManager.FindAsync(loginInfo.Login);

319.if (user != null)

320.{

321.await SignInAsync(user, isPersistent: false);

322.return RedirectToLocal(returnUrl);

323.}

324.else

325.{

326.// If the user does not have an account, then prompt the user to create an account

327.ViewBag.ReturnUrl = returnUrl;

328.ViewBag.LoginProvider = loginInfo.Login.LoginProvider;

329.return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { UserName = loginInfo.DefaultUserName });

330.}

331.}

332. 

333.//

334.// POST: /Account/LinkLogin

335.[HttpPost]

336.[ValidateAntiForgeryToken]

337.public ActionResult LinkLogin(string provider)

338.{

339.// Request a redirect to the external login provider to link a login for the current user

340.return new ChallengeResult(provider, Url.Action("LinkLoginCallback", "Account"), User.Identity.GetUserId());

341.}

342. 

343.//

344.// GET: /Account/LinkLoginCallback

345.public async Task<ActionResult> LinkLoginCallback()

346.{

347.var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(XsrfKey, User.Identity.GetUserId());

348.if (loginInfo == null)

349.{

350.return RedirectToAction("Manage", new { Message = ManageMessageId.Error });

351.}

352.var result = await UserManager.AddLoginAsync(User.Identity.GetUserId(), loginInfo.Login);

353.if (result.Succeeded)

354.{

355.return RedirectToAction("Manage");

356.}

357.return RedirectToAction("Manage", new { Message = ManageMessageId.Error });

358.}

359. 

360.//

361.// POST: /Account/ExternalLoginConfirmation

362.[HttpPost]

363.[AllowAnonymous]

364.[ValidateAntiForgeryToken]

365.public async Task<ActionResult> ExternalLoginConfirmation(ExternalLoginConfirmationViewModel model, string returnUrl)

366.{

367.if (User.Identity.IsAuthenticated)

368.{

369.return RedirectToAction("Manage");

370.}

371. 

372.if (ModelState.IsValid)

373.{

374.// 从外部登入提供者处取得使用者信息

375.var info = await AuthenticationManager.GetExternalLoginInfoAsync();

376.if (info == null)

377.{

378.return View("ExternalLoginFailure");

379.}

380.var user = new ApplicationUser() { UserName = model.UserName };

381.var result = await UserManager.CreateAsync(user);

382.if (result.Succeeded)

383.{

384.result = await UserManager.AddLoginAsync(user.Id, info.Login);

385.if (result.Succeeded)

386.{

387.await SignInAsync(user, isPersistent: false);

388.return RedirectToLocal(returnUrl);

389.}

390.}

391.AddErrors(result);

392.}

393. 

394.ViewBag.ReturnUrl = returnUrl;

395.return View(model);

396.}

397. 

398.//

399.// POST: /Account/LogOff

400.[HttpPost]

401.[ValidateAntiForgeryToken]

402.public ActionResult LogOff()

403.{

404.AuthenticationManager.SignOut();

405.return RedirectToAction("Index", "Home");

406.}

407. 

408.//

409.// GET: /Account/ExternalLoginFailure

410.[AllowAnonymous]

411.public ActionResult ExternalLoginFailure()

412.{

413.return View();

414.}

415. 

416.[ChildActionOnly]

417.public ActionResult RemoveAccountList()

418.{

419.var linkedAccounts = UserManager.GetLogins(User.Identity.GetUserId());

420.ViewBag.ShowRemoveButton = HasPassword() || linkedAccounts.Count > 1;

421.return (ActionResult)PartialView("_RemoveAccountPartial", linkedAccounts);

422.}

423. 

424.protected override void Dispose(bool disposing)

425.{

426.if (disposing && UserManager != null)

427.{

428.UserManager.Dispose();

429.UserManager = null;

430.}

431.base.Dispose(disposing);

432.}

433. 

434.#region Helper

435.// Used for XSRF protection when adding external logins

436.private const string XsrfKey = "XsrfId";

437. 

438.private IAuthenticationManager AuthenticationManager

439.{

440.get

441.{

442.return HttpContext.GetOwinContext().Authentication;

443.}

444.}

445. 

446.private async Task SignInAsync(ApplicationUser user, bool isPersistent)

447.{

448.AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);

449.var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);

450.AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);

451.}

452. 

453.private void AddErrors(IdentityResult result)

454.{

455.foreach (var error in result.Errors)

456.{

457.ModelState.AddModelError("", error);

458.}

459.}

460. 

461.private bool HasPassword()

462.{

463.var user = UserManager.FindById(User.Identity.GetUserId());

464.if (user != null)

465.{

466.return user.PasswordHash != null;

467.}

468.return false;

469.}

470. 

471.public enum ManageMessageId

472.{

473.ChangePasswordSuccess,

474.SetPasswordSuccess,

475.RemoveLoginSuccess,

476.Error

477.}

478. 

479.private ActionResult RedirectToLocal(string returnUrl)

480.{

481.if (Url.IsLocalUrl(returnUrl))

482.{

483.return Redirect(returnUrl);

484.}

485.else

486.{

487.return RedirectToAction("Index", "Home");

488.}

489.}

490. 

491.private class ChallengeResult : HttpUnauthorizedResult

492.{

493.public ChallengeResult(string provider, string redirectUri) : this(provider, redirectUri, null)

494.{

495.}

496. 

497.public ChallengeResult(string provider, string redirectUri, string userId)

498.{

499.LoginProvider = provider;

500.RedirectUri = redirectUri;

501.UserId = userId;

502.}

503. 

504.public string LoginProvider { get; set; }

505.public string RedirectUri { get; set; }

506.public string UserId { get; set; }

507. 

508.public override void ExecuteResult(ControllerContext context)

509.{

510.var properties = new AuthenticationProperties() { RedirectUri = RedirectUri };

511.if (UserId != null)

512.{

513.properties.Dictionary[XsrfKey] = UserId;

514.}

515.context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);

516.}

517.}

518.#endregion

519.}

520.}

 

修改相关 Views

 

修改Register.cshtml View 

view sourceprint?

01.@model RoleBaseProject.Models.RegisterViewModel

02.@{

03.ViewBag.Title = "注册";

04.}

05. 

06.<h2>@ViewBag.Title.</h2>

07. 

08.@using (Html.BeginForm("Register", "Account", FormMethod.Post, new { @class = "form-horizontal", role = "form" }))

09.{

10.@Html.AntiForgeryToken()

11.<h4>建立新的账户。</h4>

12.<hr />

13.@Html.ValidationSummary()

14.<div class="form-group">

15.@Html.LabelFor(m => m.UserName, new { @class = "col-md-2 control-label" })

16.<div class="col-md-10">

17.@Html.TextBoxFor(m => m.UserName, new { @class = "form-control" })

18.</div>

19.</div>

20.<div class="form-group">

21.@Html.LabelFor(m => m.Password, new { @class = "col-md-2 control-label" })

22.<div class="col-md-10">

23.@Html.PasswordFor(m => m.Password, new { @class = "form-control" })

24.</div>

25.</div>

26.<div class="form-group">

27.@Html.LabelFor(m => m.ConfirmPassword, new { @class = "col-md-2 control-label" })

28.<div class="col-md-10">

29.@Html.PasswordFor(m => m.ConfirmPassword, new { @class = "form-control" })

30.</div>

31.</div>

32.<div class="form-group">

33.@Html.LabelFor(m => m.FirstName, new { @class = "col-md-2 control-label" })

34.<div class="col-md-10">

35.@Html.TextBoxFor(m => m.FirstName, new { @class = "form-control" })

36.</div>

37.</div>

38.<div class="form-group">

39.@Html.LabelFor(m => m.LastName, new { @class = "col-md-2 control-label" })

40.<div class="col-md-10">

41.@Html.TextBoxFor(m => m.LastName, new { @class = "form-control" })

42.</div>

43.</div>

44.<div class="form-group">

45.@Html.LabelFor(m => m.Email, new { @class = "col-md-2 control-label" })

46.<div class="col-md-10">

47.@Html.TextBoxFor(m => m.Email, new { @class = "form-control" })

48.</div>

49.</div>

50.<div class="form-group">

51.<div class="col-md-offset-2 col-md-10">

52.<input type="submit" class="btn btn-default" value="注册" />

53.</div>

54.</div>

55.}

56. 

57.@section Scripts {

58.@Scripts.Render("~/bundles/jqueryval")

59.}

 

新增Edit、Delete、Index 等方法的Views

 

新增Edit Views

 

 

用以下内容取代原程序

view sourceprint?

01.@model RoleBaseProject.Models.EditUserViewModel

02. 

03.@{

04.ViewBag.Title = "数据者数据编辑";

05.}

06. 

07.<h2>数据者数据编辑</h2>

08. 

09.@using (Html.BeginForm())

10.{

11.@Html.AntiForgeryToken()

12.<div class="form-horizontal">

13.<h4>修改原有账号数据</h4>

14.<hr />

15.@Html.ValidationSummary(true)

16.<div class="form-group">

17.@Html.LabelFor(model => model.UserName, new { @class = "control-label col-md-2" })

18.<div class="col-md-10">

19.@Html.EditorFor(model => model.UserName)

20.@Html.ValidationMessageFor(model => model.UserName)

21.</div>

22.</div>

23. 

24.<div class="form-group">

25.@Html.LabelFor(model => model.FirstName, new { @class = "control-label col-md-2" })

26.<div class="col-md-10">

27.@Html.EditorFor(model => model.FirstName)

28.@Html.ValidationMessageFor(model => model.FirstName)

29.</div>

30.</div>

31. 

32.<div class="form-group">

33.@Html.LabelFor(model => model.LastName, new { @class = "control-label col-md-2" })

34.<div class="col-md-10">

35.@Html.EditorFor(model => model.LastName)

36.@Html.ValidationMessageFor(model => model.LastName)

37.</div>

38.</div>

39. 

40.<div class="form-group">

41.@Html.LabelFor(model => model.Email, new { @class = "control-label col-md-2" })

42.<div class="col-md-10">

43.@Html.EditorFor(model => model.Email)

44.@Html.ValidationMessageFor(model => model.Email)

45.</div>

46.</div>

47. 

48.<div class="form-group">

49.<div class="col-md-offset-2 col-md-10">

50.<input type="submit" value="存档" class="btn btn-default" />

51.</div>

52.</div>

53.</div>

54.}

55. 

56.<div>

57.@Html.ActionLink("回到使用者清单画面", "Index")

58.</div>

59. 

60.@section Scripts {

61.@Scripts.Render("~/bundles/jqueryval")

62.}

新增Delete的Views
 

 

用以下内容取代原程序


 

view sourceprint?

01.@model RoleBaseProject.Models.EditUserViewModel

02. 

03.<h3>使用者账号删除</h3>

04.<div>

05.<h4>确定要删除这个使用者账号?</h4>

06.<hr />

07.<dl class="dl-horizontal">

08.<dt>

09.@Html.DisplayNameFor(model => model.UserName)

10.</dt>

11. 

12.<dd>

13.@Html.DisplayFor(model => model.UserName)

14.</dd>

15. 

16.<dt>

17.@Html.DisplayNameFor(model => model.FirstName)

18.</dt>

19. 

20.<dd>

21.@Html.DisplayFor(model => model.FirstName)

22.</dd>

23. 

24.<dt>

25.@Html.DisplayNameFor(model => model.LastName)

26.</dt>

27. 

28.<dd>

29.@Html.DisplayFor(model => model.LastName)

30.</dd>

31. 

32.<dt>

33.@Html.DisplayNameFor(model => model.Email)

34.</dt>

35. 

36.<dd>

37.@Html.DisplayFor(model => model.Email)

38.</dd>

39. 

40.</dl>

41. 

42.@using (Html.BeginForm()) {

43.@Html.AntiForgeryToken()

44. 

45.<div class="form-actions no-color">

46.<input type="submit" value="删除" class="btn btn-default" /> |

47.@Html.ActionLink("回到使用者清单画面", "Index")

48.</div>

49.}

50.</div>

新增Index Views
 

 

用以下内容取代原程序


 

view sourceprint?

01.@model IEnumerable<RoleBaseProject.Models.EditUserViewModel>

02. 

03.@{

04.ViewBag.Title = "账号管理";

05.}

06. 

07.<h2>账号管理</h2>

08. 

09.<p>

10.@Html.ActionLink("新增账号", "Register")

11.</p>

12.<table class="table">

13.<tr>

14.<th>

15.@Html.DisplayNameFor(model => model.UserName)

16.</th>

17.<th>

18.@Html.DisplayNameFor(model => model.FirstName)

19.</th>

20.<th>

21.@Html.DisplayNameFor(model => model.LastName)

22.</th>

23.<th>

24.@Html.DisplayNameFor(model => model.Email)

25.</th>

26.<th></th>

27.</tr>

28. 

29.@foreach (var item in Model) {

30.<tr>

31.<td>

32.@Html.DisplayFor(modelItem => item.UserName)

33.</td>

34.<td>

35.@Html.DisplayFor(modelItem => item.FirstName)

36.</td>

37.<td>

38.@Html.DisplayFor(modelItem => item.LastName)

39.</td>

40.<td>

41.@Html.DisplayFor(modelItem => item.Email)

42.</td>

43.<td>

44.@Html.ActionLink("编辑", "Edit", new { id=item.UserName }) |

45.@Html.ActionLink("角色", "UserRoles", new { id=item.UserName }) |

46.@Html.ActionLink("删除", "Delete", new { id=item.UserName })

47.</td>

48.</tr>

49.}

50. 

51.</table>

新增好的三個View

 

 

 

新增UserRoles.cshtml View 并 新增程序代码
 

 

用以下内容取代原程序

view sourceprint?

01.@model RoleBaseProject.Models.SelectUserRolesViewModel

02.@{

03.ViewBag.Title = "使用者角色";

04.}

05. 

06.<h2>使用者角色 @Html.DisplayFor(model => model.UserName)</h2>

07.<hr />

08. 

09.@using (Html.BeginForm("UserRoles", "Account", FormMethod.Post, new { encType = "multipart/form-data", name = "myform" }))

10.{

11.@Html.AntiForgeryToken()

12. 

13.<div class="form-horizontal">

14.@Html.ValidationSummary(true)

15.<div class="form-group">

16.<div class="col-md-10">

17.@Html.HiddenFor(model => model.UserName)

18.</div>

19.</div>

20. 

21.<h4>选择要加入的角色</h4>

22.<br />

23.<hr />

24. 

25.<table>

26.<tr>

27.<th>

28.勾选

29.</th>

30.<th>

31.角色

32.</th>

33.</tr>

34.@Html.EditorFor(model => model.Roles)

35.</table>

36.<br />

37.<hr />

38. 

39.<div class="form-group">

40.<div class="col-md-offset-2 col-md-10">

41.<input type="submit" value="存档" class="btn btn-default" />

42.</div>

43.</div>

44.</div>

45.}

新增SelectRoleEditorViewModel.cshtml 在 Shared/EditorTemplates目录下
 

 

view sourceprint?

01.@model RoleBaseProject.Models.SelectRoleEditorViewModel

02.@Html.HiddenFor(model => model.RoleName)

03.<tr>

04.<td style="text-align:center">

05.@Html.CheckBoxFor(model => model.Selected)

06.</td>

07.<td>

08.@Html.DisplayFor(model => model.RoleName)

09.</td>

10.</tr>

在主页面上新增”账号管理" 功能按钮

移除主页面上的注册功能

 

 

 

启动 Migration功能
 

 

在Seed()方法中加入建立测试数据的程序代码
 

 

完整程序:

view sourceprint?

01.namespace RoleBaseProject.Migrations

02.{

03.using RoleBaseProject.Models;

04.using System;

05.using System.Data.Entity;

06.using System.Data.Entity.Migrations;

07.using System.Linq;

08. 

09.internal sealed class Configuration : DbMigrationsConfiguration<RoleBaseProject.Models.ApplicationDbContext>

10.{

11.public Configuration()

12.{

13.AutomaticMigrationsEnabled = false;

14.}

15. 

16.protected override void Seed(RoleBaseProject.Models.ApplicationDbContext context)

17.{

18.// This method will be called after migrating to the latest version.

19. 

20.// You can use the DbSet<T>.AddOrUpdate() helper extension method

21.// to avoid creating duplicate seed data. E.g.

22.//

23.// context.People.AddOrUpdate(

24.// p => p.FullName,

25.// new Person { FullName = "Andrew Peters" },

26.// new Person { FullName = "Brice Lambson" },

27.// new Person { FullName = "Rowan Miller" }

28.// );

29.//

30.this.AddUserAndRoles();

31.}

32. 

33.bool AddUserAndRoles()

34.{

35.bool success = false;

36. 

37.var idManager = new IdentityManager();

38.success = idManager.CreateRole("Admin");

39.if (!success == true) return success;

40. 

41.success = idManager.CreateRole("CanEdit");

42.if (!success == true) return success;

43. 

44.success = idManager.CreateRole("User");

45.if (!success) return success;

46. 

47.var newUser = new ApplicationUser()

48.{

49.UserName = "jatten",

50.FirstName = "John",

51.LastName = "Atten",

52.Email = "jatten@typecastexception.com"

53.};

54. 

55.success = idManager.CreateUser(newUser, "Password1");

56.if (!success) return success;

57. 

58.success = idManager.AddUserToRole(newUser.Id, "Admin");

59.if (!success) return success;

60. 

61.success = idManager.AddUserToRole(newUser.Id, "CanEdit");

62.if (!success) return success;

63. 

64.success = idManager.AddUserToRole(newUser.Id, "User");

65.if (!success) return success;

66. 

67.return success;

68.}

69.}

70.}

更新数据库
 

 

执行结果
 

 

以具有Admin角色的使用者登入后执行账户管理功能: