How to restrict areas in an efficient way?

2018-06-22 00:50:50

I've got an ASP.NET MVC 3 site with an admin panel (don't we all? :) - I've used my own solution for a very secured login system.

Now, on each view in the admin controller I need to make checks that the user is logged and has the proper authorization, so each time I run the same verification and authorization methods on each view separately.

How could I make the same checks for all the requests to a certain controller? (I mean, right all the checks only once and in one place)

(I also would like to have an exception, so I could allow user to use the login page inside the admin controller and outside of it)

Thanks!

Use an attribute on the controller. Either the standard AuthorizeAttribute (see this) or write your own.

What you're looking for is action filter attributes. They are basically an attribute you can place on a controller that allows you to intercept calls to every action method within a controller and are therefore perfect for security as you can deny/accept requests: http://msdn.microsoft.com/en-us/library/system.web.mvc.actionfilterattribute.aspx

如果你想限制整个控制器而不是单独的动作，你可以像这样放置[Authorize]属性：

[Authorize]        
public class PageController : Controller
{ ... }

链接地址: http://www.djcxy.com/p/61846.html

上一篇: 如何本地化ASP.NET MVC应用程序？

下一篇: 如何以有效的方式限制区域？