1

So let's say I have an eBay-type application where only the seller can edit his/her listing. How do I go about restricting access to the Edit action based on the Id of the item we're editing and the currently logged in user?

As far as I can tell, the Authorize attribute only allows you to restrict access to controller actions based on whether the user is authenticated or not and their role. Is this simply something that I need to handle manually within the controller?

4

2 Answers

1

A custom attribute deriving from IAuthorizeFilter.

Answered 2008-10-18T01:29:09.343
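An added example of the approach this answer describes, not code from the answer's author: a per-listing owner check written as an ASP.NET MVC 5 authorization filter (the interface in `System.Web.Mvc` is `IAuthorizationFilter`). `IListingOwnerLookup`, `ListingOwnerOnlyAttribute`, `ListingForm` and the parameter name `id` are hypothetical names chosen for illustration.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical app-supplied lookup: seller's user name for a listing, or null if none exists.
public interface IListingOwnerLookup { string GetSellerUserName(int listingId); }

public sealed class ListingOwnerOnlyAttribute : FilterAttribute, IAuthorizationFilter
{
    // Assumption: assigned once at application start (a DI container could supply it instead).
    public static IListingOwnerLookup Lookup { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            filterContext.Result = new HttpUnauthorizedResult();
            return;
        }

        // Resolve "id" through the controller's value provider, the same source
        // model binding uses for an action parameter named id, so the filter and
        // the action cannot be handed different ids (route value vs. form field).
        ValueProviderResult raw = filterContext.Controller.ValueProvider.GetValue("id");
        int listingId;
        if (raw == null || !int.TryParse(raw.AttemptedValue, out listingId))
        {
            filterContext.Result = new HttpNotFoundResult();
            return;
        }

        // Assumption: the seller is stored as the login name, compared case-insensitively.
        string seller = Lookup.GetSellerUserName(listingId);
        if (seller == null)
        {
            filterContext.Result = new HttpNotFoundResult();
            return;
        }
        if (!string.Equals(seller, user.Identity.Name, StringComparison.OrdinalIgnoreCase))
        {
            filterContext.Result = new HttpStatusCodeResult(403); // authenticated, not the owner
        }
    }
}

// Usage on a hypothetical controller action:
//   [HttpPost, ListingOwnerOnly]
//   public ActionResult Edit(int id, ListingForm form) { ... }
```

The filter only gates entry to the action; the update inside `Edit` should still select the row by both listing id and seller, so the ownership rule holds even if the attribute is left off an action.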
0

This looks like a good example of controlling actions based on users and roles: http://www.coderjournal.com/2008/03/securing-mvc-controller-actions/

However, I'm new to MVC, so I may be wrong. Check it out and let us know if it helps.

Answered 2008-10-18T05:18:12.767