Determine if user can access database generated page?
I have Membership
, Profile
and Role
prov开发者_开发问答iders setup for my .NET MVC website. I would like to say: this Role
has access to that Page
.
How do I 'inject' this code to the RoleProvider? Or do I have to override it somehow? Any leads?
(Roles are stored in the default ASP.NET SqlRoleProvider, Pages are stored in a seperate SQL database).
Why would you inject this into the role provider? Why not just decorate the ActionResult [Authorise(Roles="myrole")]
?
I understand that your pages are in the database but the action result still needs to call the view right?
I guess you could write you're own custom attribute which can check and either grant access or deny it.
I don't think the role provider is the right place for determining whether a page can be displayed or not.
Take a look at using sitemaps under asp.net. It is VERY easy to manage and to extend.
I have even used them as the datasource for a menu system.
Once in your page, you can do something like:
User.IsInRole("RoleName")
精彩评论