
Implementing URL-based permission control in ASP.NET MVC

2025-01-16 Update From: SLTechnology News&Howtos shulou

This article describes in detail how to implement URL-based access control in ASP.NET MVC.

Create two new tables in the database. The PermissionItem table stores the relationship between a permission ID and a page path. One permission ID can cover multiple pages; generally, the pages under the same permission ID together implement one function. The PermissionList table stores the permissions that each user holds.

USE [UrlAuthorize]
GO

/* Table [dbo].[PermissionList]: the permissions each user holds */
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[PermissionList](
    [ID] [int] IDENTITY(1,1) NOT NULL,
    [PermissionID] [int] NOT NULL,
    [UserID] [int] NOT NULL,
 CONSTRAINT [PK_PermissionList] PRIMARY KEY CLUSTERED ([ID] ASC)
 WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
SET IDENTITY_INSERT [dbo].[PermissionList] ON
INSERT [dbo].[PermissionList] ([ID], [PermissionID], [UserID]) VALUES (1, 2, 1)
INSERT [dbo].[PermissionList] ([ID], [PermissionID], [UserID]) VALUES (2, 3, 1)
SET IDENTITY_INSERT [dbo].[PermissionList] OFF
GO

/* Table [dbo].[PermissionItem]: which page path belongs to which permission ID */
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[PermissionItem](
    [ID] [int] IDENTITY(1,1) NOT NULL,
    [PermissionID] [int] NOT NULL,
    [Name] [nvarchar](50) NOT NULL,
    [Route] [varchar](100) NOT NULL,
 CONSTRAINT [PK_PermissionItem] PRIMARY KEY CLUSTERED ([ID] ASC)
 WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
GO
SET IDENTITY_INSERT [dbo].[PermissionItem] ON
-- The [Route] values (and the name of row 2) did not survive in this copy of the article.
-- The paths below are placeholders; each must equal the Request.Path of the page it protects.
INSERT [dbo].[PermissionItem] ([ID], [PermissionID], [Name], [Route]) VALUES (1, 1, N'Test Page 1', '/placeholder/Page1')
INSERT [dbo].[PermissionItem] ([ID], [PermissionID], [Name], [Route]) VALUES (2, 2, N'Test Page 2', '/placeholder/Page2')
INSERT [dbo].[PermissionItem] ([ID], [PermissionID], [Name], [Route]) VALUES (3, 3, N'Test Page 3', '/placeholder/Page3')
INSERT [dbo].[PermissionItem] ([ID], [PermissionID], [Name], [Route]) VALUES (5, 1, N'Test Page 4', '/placeholder/Page4')
INSERT [dbo].[PermissionItem] ([ID], [PermissionID], [Name], [Route]) VALUES (6, 2, N'Test Page 5', '/placeholder/Page5')
SET IDENTITY_INSERT [dbo].[PermissionItem] OFF
GO

The sample data says that Page1 and Page4 belong to permission 1, Page2 and Page5 belong to permission 2, and Page3 belongs to permission 3. The user with user ID 1 holds permissions 2 and 3.

Create a new AccountHelper class in the ASP.NET MVC project; it is a helper class. Its GetPermissionItems method returns the mapping between permission IDs and page paths. This mapping is global, and it is consulted every time any user visits a page, so it is stored in Cache. Database access here uses the ADO.NET Entity Framework.

// Requires: using System.Collections.Generic; using System.Linq; using System.Web;
public static List<PermissionItem> GetPermissionItems()
{
    // If the permission list is already in the cache, it is read from there.
    if (HttpContext.Current.Cache["PermissionItems"] == null)
    {
        // Otherwise load it from the database and write it to the cache.
        UrlAuthorizeEntities db = new UrlAuthorizeEntities();
        var items = db.PermissionItem.Where(c => c.PermissionID > 0).ToList();
        HttpContext.Current.Cache["PermissionItems"] = items;
    }

    // The cache holds the permission ID for every page that needs permission control.
    return (List<PermissionItem>)HttpContext.Current.Cache["PermissionItems"];
}

The GetUserPermission method stores the user's permission IDs in a one-dimensional Int32 array. This information differs from user to user, but it is used often, so it is stored in Session.

/// <summary>
/// Get the user's permissions
/// </summary>
/// <param name="userID">User ID</param>
/// <returns>Array of the user's permission IDs</returns>
public static Int32[] GetUserPermission(int userID)
{
    // If the permission array is already in the session, it is read from there.
    if (HttpContext.Current.Session["Permission"] == null)
    {
        // Get the user's permissions from the database, put the permission IDs
        // in an int array and store it in Session.
        UrlAuthorizeEntities db = new UrlAuthorizeEntities();
        var permissions = db.PermissionList.Where(c => c.UserID == userID).Select(c => c.PermissionID).ToArray();
        HttpContext.Current.Session["Permission"] = permissions;
    }
    return (Int32[])HttpContext.Current.Session["Permission"];
}

Create a new UrlAuthorizeAttribute class that inherits from AuthorizeAttribute, which is a Filter. We override its OnAuthorization method so that it runs during the authorization stage of the request.

/// <summary>
/// Override OnAuthorization
/// </summary>
/// <param name="filterContext"></param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // Get the list of permission items
    List<PermissionItem> pItems = AccountHelper.GetPermissionItems();

    // Look up the permission ID for the page being requested. If item is null,
    // the page has no permission entry and the else branch below decides what happens.
    var item = pItems.FirstOrDefault(c => c.Route == filterContext.HttpContext.Request.Path);

    if (item != null)
    {
        if (Array.IndexOf(AccountHelper.GetUserPermission(int.Parse(filterContext.HttpContext.Session["UserID"].ToString())), item.PermissionID) == -1)
        {
            // Report that permission is insufficient; a redirect to another page is also possible.
            filterContext.HttpContext.Response.Write("do not have permission to access this page");
            filterContext.HttpContext.Response.End();
        }
    }
    else
    {
        // Note 1: if the current page has no permission ID in the permission item list,
        // no user is allowed to access it, and the request is refused directly.
        filterContext.HttpContext.Response.Write("do not have permission to access this page");
        filterContext.HttpContext.Response.End();
    }
}

At this point, the main work is done. Next, we just need to add [UrlAuthorize] to each Action or Controller that should be controlled by URL-based permissions; the marked Actions, and all Actions in a marked Controller, are then processed automatically by the UrlAuthorize Filter. If an Action is marked with [UrlAuthorize] and the page has no corresponding permission ID in the database, then with the sample code no user can access the page. If you need to change this behaviour, modify the two lines of code under "Note 1" above.
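The filter's decision, restated as a pure function so it can be exercised without HttpContext. This is an added example, not the article's code: UrlPermissionCheck, Normalize and IsAllowed are hypothetical names, the route strings are placeholders, and the sample data is constructed to mirror the tables above. Unlike the article's exact `==` comparison, it compares paths case-insensitively and ignores a trailing slash, because MVC routing treats those spellings as the same action; the lookup then gives one answer per action, which matters most if the "Note 1" default is ever relaxed from deny to allow.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public sealed class PermissionItem          // stand-in for the Entity Framework entity
{
    public int PermissionID { get; set; }
    public string Route { get; set; }
}

public static class UrlPermissionCheck      // hypothetical helper, not part of the article
{
    // Canonical form for stored routes and request paths: no trailing slash.
    public static string Normalize(string path)
    {
        if (string.IsNullOrEmpty(path)) return "/";
        string trimmed = path.TrimEnd('/');
        return trimmed.Length == 0 ? "/" : trimmed;
    }

    // Deny by default: an unlisted path, a missing permission array,
    // or a permission the user does not hold all return false.
    public static bool IsAllowed(string requestPath, int[] userPermissions,
                                 IEnumerable<PermissionItem> items)
    {
        if (userPermissions == null) return false;
        string path = Normalize(requestPath);
        PermissionItem item = items.FirstOrDefault(c =>
            string.Equals(Normalize(c.Route), path, StringComparison.OrdinalIgnoreCase));
        return item != null && Array.IndexOf(userPermissions, item.PermissionID) != -1;
    }

    public static void Main()
    {
        // Constructed sample data; the route strings are placeholders.
        var items = new List<PermissionItem>
        {
            new PermissionItem { PermissionID = 1, Route = "/placeholder/Page1" },
            new PermissionItem { PermissionID = 2, Route = "/placeholder/Page2" },
            new PermissionItem { PermissionID = 3, Route = "/placeholder/Page3" },
        };
        int[] user1 = { 2, 3 };              // user ID 1 holds permissions 2 and 3

        foreach (string p in new[] { "/placeholder/Page1", "/placeholder/Page2",
                                     "/PLACEHOLDER/page3/", "/placeholder/Unlisted" })
            Console.WriteLine("{0,-24} {1}", p, IsAllowed(p, user1, items) ? "allow" : "deny");
    }
}
```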
