开发者

block Invoking class method based on user role asp.net mvc 3

I'm creating my first ASP.NET MVC 3 app and I have a problem with creating class instance based on user role.

I have a Class called Account and it contains information about user accounts and few methods which allow me to manipulate(update) user account information. For example ChangeNickName, AddToGroup, RemoveFromGroup, Ban and so on.

As you can see problem with these methods is that I dont want to allow anyone to use AddToGroup or Ban method but only user with specified role (i'm using ASP.NET default role implementation system)

So I wonder is there a way I could add attribute [Authorize(Roles = "Admin")] to my AddTogroupMethod just like I use it on Controller methods

I know that with proper implementation of controllers I dont need something like this but I want to make sure that I dont allow anyone to make instance of class (or use specified methods by accident) if user is not part of specified role.

So for example if I by accident add access to AddToGroup method in user controller I would still be able to prevent them from exploiting bug because of attribute attached to this method

If I can't solve this problem with attributes is there a way to make VS to block me from debu开发者_StackOverflow中文版gging application if I make a call to AddToGroup method from xy class

If you have any ides how to make this working I'm open to suggestions

Than in advance


You should probably use the AuthorizeAttribute, however you can check the role of a current user in code using Roles.UserIsInRole.

There's a little info on this in MVC here (the assembly seems to have changed between 3.5/4.0):

asp.net mvc -> Roles.IsUserInRole(username,role)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜