1

In ASP.NET MVC 4 I see that there is and [Authorize] attribute and now a corresponding [AllowAnonymous] attribute that can easily let you require authentication to access specific controller actions.

What I need is true multi tenancy though. Each user can access only their own records, and all records other than the user accounts should be owned by individual users.

In Hobo (http://hobocentral.net) which is a Rails plugin, this was easily accomplished by adding the following line of code in my ApplicationController:

before_filter :login_required, :except => [:login, :signup, :do_signup, :activate]

And then in my model:

belongs_to :owner, :class_name => "User", :creator => true

# --- Permissions --- #

def create_permitted?
  acting_user == owner || !owner_changed?
end

def update_permitted?
  acting_user == owner || !owner_changed?
end

def destroy_permitted?
  acting_user == owner || !owner_changed?
end

def view_permitted?(field)
  owner_is? acting_user or new_record?
end

And finally in my model's controller:

def index
  hobo_index current_user.modelName
end

Does something so simple and elegant exist or is built into ASP.NET MVC? So far I've found several ways to implement multi tenancy in ASP.NET MVC but I'm unsure as to which is the clearly correct way. I also intent to use .NET 4.5 and Entity Framework 5 if that helps.

4

1 回答 1

-2

如果您在 asp.net MVC 中使用任何类型的内置身份验证,那么它已经存在,因为您可以使用类似的东西

HttpContext.Current.User.Identity.Name

如果您没有使用某种内部身份验证机制,那么您可以执行我在验证用户时将主键保存在session变量中时所做的简单操作。

Session["User"] = Key;

并在每个控制器内部取出变量

var key = Session["User"];

并根据密钥检索用户数据

于 2012-07-23T12:23:11.160 回答