标签:parameter span rdl project help access 注意 href login
Authorization in MVC is controlled through the AuthorizeAttribute attribute and its various parameters. At its simplest applying the AuthorizeAttribute attribute to a controller or action limits access to the controller or action to any authenticated user.
MVC中的授权通过AuthorizeAttribute属性及其不同的参数来实现。控制器或者方法的AuthorizeAttribute 属性最简单的应用是限制认证用户的使用。
For example, the following code limits access to the AccountController to any authenticated user.
例如,下列代码限制任何授权用户连接AccountController 。
[Authorize] public class AccountController : Controller { public ActionResult Login() { } public ActionResult Logout() { } }
If you want to apply authorization to an action rather than the controller simply apply the AuthorizeAttribute attribute to the action itself;
如果想对一个方法实施授权,而不是简单地对控制器实施授权,那么仅将AuthorizeAttribute 属性放到该方法上。
public class AccountController : Controller { public ActionResult Login() { } [Authorize] public ActionResult Logout() { } }
Now only authenticated users can access the logout function.
现在,只有授权用户可以使用logout函数。
You can also use the AllowAnonymousAttribute attribute to allow access by non-authenticated users to individual actions; for example
你也可使用AllowAnonymousAttribute 属性来允许非授权用户使用单独的方法,例如:
[Authorize] public class AccountController : Controller { [AllowAnonymous] public ActionResult Login() { } public ActionResult Logout() { } }
This would allow only authenticated users to the AccountController, except for the Login action, which is accessible by everyone, regardless of their authenticated or unauthenticated / anonymous status.
这会使除了Login方法外,只有授权用户可以使用AccountController,不论其授权或者非授权以及匿名的任何人都可使用Login方法。
Warning 注意
[AllowAnonymous] bypasses all authorization statements. If you apply combine [AllowAnonymous] and any [Authorize] attribute then the Authorize attributes will always be ignored. For example if you apply [AllowAnonymous] at the controller level any [Authorize] attributes on the same controller, or on any action within it will be ignored.
[AllowAnonymous] 忽略了所有的授权语句。如果联合使用 [AllowAnonymous]和[Authorize] 属性,Authorize属性将一直被忽略。例如:如果在控制器级别使用了[AllowAnonymous],在同一个控制器的任何[Authorize]或者其中的任何方法将被忽略。
Security----Authorization----简单授权
标签:parameter span rdl project help access 注意 href login
原文地址:http://www.cnblogs.com/jqdy/p/5989238.html
