构建一个MVC3应用程序,而TPTB希望我们使用其自定义授权提供程序.但是,在开发过程中,此auth提供程序有点麻烦,因为它可能会在您关闭/重新启动浏览器之前产生错误,或者会要求您在每次编译时都重新登录.
Building an MVC3 application, and TPTB want us to use their custom authorization provider. However, during development this auth provider is kind of a pain, since it will either give an error til you shut down/restart the browser, or it will require you to re-log o on every compile.
现在,我只是将<authentication mode="None"/>添加到web.config中,在遇到遇到使用[Authorize(Roles = "Admin")]过滤器的操作或控制器之前,它可以正常工作(它可以是任何角色,而不仅仅是Admin).当它碰到其中一个时,它只会呈现一个空白页.
For now, I just added <authentication mode="None"/> to the web.config, which works fine until I encounter an action or controller that uses the [Authorize(Roles = "Admin")] filter (it can be any role, not just Admin). When it hits one of those, it just renders a blank page.
是否可以在全球范围内暂时关闭这些过滤器?还是只是在开发过程中赋予用户所有角色?
Is there a way globally and temporarily turn these filters off? Or just give the user all roles while I'm in development?
编辑
让我澄清一下-我实际上是在将大型应用程序从MVC2移植到MVC3.它整个都有很多[Authorize(Roles="Admin")]和[Authorize(Roles="Admin,Editor")].如果可能的话,我宁愿不更改所有这些内容.
Let me clarify- I'm actually porting over a large app from MVC2 to MVC3. It has lots of [Authorize(Roles="Admin")] and [Authorize(Roles="Admin,Editor")] throughout it. I'd rather not change all of those if possible.
我是否应该创建一个小型的自定义角色提供程序,以自动分配所有角色?
Should I just create a small custom role provider that gives all roles automatically?
推荐答案您可以编写自定义的Authorize过滤器,如果请求来自localhost,则该过滤器将不执行任何检查:
You could write a custom Authorize filter which will not perform any checks if the request is coming from localhost:
public class MyAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { if (httpContext.Request.Url.IsLoopback) { // It was a local request => authorize the guy return true; } return base.AuthorizeCore(httpContext); } }更多推荐
在开发过程中绕过或关闭[Authorize(Roles =“"))]?
发布评论