There is a User table in my own db and it has a "Type" field. There are 3 types of users: publishers, auditors and admins. I want to know how I can use some filter like [Authorize(Role="Publisher")] to filter the users logged on?
The [Authorize(Role="")] attribute, from what I understand, is used when you utilize a role provider. You can roll your own fairly easily - see this link for a guide.
Generally what I do is have a User table, Role table, and a UserInRole table. The role table just has a role id such as "Admin" and a description. The UserInRole table is a join table that links a user id to a role id.
That way a user can belong to multiple roles, and not be tied to only one.
Please note this is the way I do it - and is not necessarily the right way. If you want to use your "type" field in the user table then that will still work - your custom role provider will just be implemented differently than mine.
EDIT: Also - the [Authorize] attribute will work with only a membership provider, and it is not required to have a role provider. I think the syntax is [Authorize(User="User1,User2")] or something like that.
EDIT: To take the user to an error page indicating he is not in the correct role, you could add some custom logic to your Login method in your AccountController:
    using System.Web.Mvc;
    using System.Web.Security;

    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                // The auth cookie has not been issued yet, so User is still the anonymous
                // principal here and User.IsInRole would always be false. Ask the role
                // provider about the user by name instead.
                if (!Roles.IsUserInRole(model.UserName, "MyRole"))
                {
                    return Redirect("Error");
                }
                else
                {
                    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                    // Only follow returnUrl if it is a local, absolute path (blocks open redirects
                    // such as "//evil.example" or "/\evil.example").
                    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                        && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Index", "Home");
                    }
                }
            }
            else
            {
                ModelState.AddModelError("", "The email or password provided is incorrect.");
            }
        }
        // If we got this far, something failed, redisplay form
        return View(model);
    }