0

使用ClaimsAuthorizeAttribute.net4.5)我可以定义所需的资源和操作,如下所示:

[ClaimsAuthorize("View", "Administration")]

我还可以添加多个属性以获得更精细的权限

[ClaimsAuthorize("View", "Person")]
[ClaimsAuthorize("Edit", "Settings")]

但在CheckAccess方法中,我有两个单独的集合,它们没有任何关系。

  public override bool CheckAccess(AuthorizationContext context)
        {

所以我知道有“查看”和“编辑”,另一边是“个人”和“设置”

但是不知道是不是这个意思

“查看人员”或“查看设置”也不

“编辑人员”或“编辑设置”

如何处理?

我是否以不应该的方式使用资源和操作?(.net 4.5)

4

1 回答 1

4

ClaimsAuthorize is not part of .NET 4.5 - maybe you mean my version in IdentityModel ;)

When you have two attributes on e.g. a method - you will invoke ClaimsAuthorizationManager twice. Are you seeing something different?

Then there is a clear relationship between action and resource.

于 2013-01-21T08:10:34.467 回答