开发者

Avoid hard-coded roles in MVC?

开发者_运维知识库

I understand that in mvc to implement role based security at the controller or action level for my site I could paint the class or method with something like the following:

[Authorize(Roles = "DOMAIN\GROUPNAME")]

(I use windows authentication)

Previously in asp.net I might have done this with a location section in the config.

The problem I have with doing this is that this site is installed in various environments in the company and for each environment that value could be different.

Is there a way to give these roles an alias with a mapping in the config? Or have I got something wrong here?

EDIT

I tried:

[Authorize(Roles=ConfigurationSettings.AppSettings["UpdateRole"])]

But this gives me the error: "An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type"


Take a look at this: ASP.NET MVC - Dynamic Authorization

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜