CanCan gem for MVC .NET

问题

I am looking for NuGet package that provides similar functionality as the CanCan gem in rails ( https://github.com/ryanb/cancan ).

Does anyone know a plugin that provides a similar functionality? Or a simple way to implement this?

Thanks

回答1:

I ended up looking at http://www.develop.com/wifclaimsbasedauthorizationone it does very much as CanCan does.

For example

ClaimsPrincipalPermission.CheckAccess("Customer","Add");

Would check whether the user had permission to add customers.

We are testing http://thinktecture.github.com/Thinktecture.IdentityModel.45/

Basically claims based Authorization for .Net

With MVC5 and One ASP.Net Claims is baked right into the core of .Net

回答2:

After a long long search I found these essays useful:

http://msdn.microsoft.com/en-us/library/ff359101.aspx http://www.codeproject.com/Articles/639458/Claims-Based-Authentication-and-Authorization http://www.codetails.com/punitganshani/using-claims-identity-with-simplemembership-in-asp-net-mvc/20130525
http://leastprivilege.com/
http://www.postsharp.net/aspects/examples/security

UPDATE
latest from Microsoft introduced in 2013 release: http://blogs.msdn.com/b/webdev/archive/2013/06/27/introducing-asp-net-identity-membership-system-for-asp-net-applications.aspx
Samples:
https://stackoverflow.com/a/18751036/316343
https://github.com/rustd/AspnetIdentitySample http://msdn.microsoft.com/en-us/library/hh377151.aspx

I prefer the one used in CodeProject tutorial which is based on frameworks from Thinktecture guys, source code is available at:
https://github.com/brockallen/BrockAllen.MembershipReboot https://github.com/thinktecture/Thinktecture.IdentityModel.45

Just remember that the CodeProject article is outdated from the persistence point of view.
Now MembershipReboot support EntityFramework, MongoDB and RavenDB as data store.

回答3:

Recently, I was searching something about activity based authorization and I found some interesting tutorial, how to implement it: https://mkarczewski.wordpress.com/2013/10/21/activity-based-authorization-in-modular-systems/

I also found this library, and it seems very cool! This is something, I was hoping to find. https://github.com/michelgrootjans/CanI/blob/master/README.md

回答4:

In .NET you should be using Membership Provider and Authorize attributes.

回答5:

Check out this page in the ASP.NET Core documentation. Its somewhat similar to what cancan does.

You write an Authorization Handler like so:

public class DocumentAuthorizationHandler :
       AuthorizationHandler<OperationAuthorizationRequirement, Document>
   {
       public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                   OperationAuthorizationRequirement requirement,
                                                   Document resource)
       {
           // Validate the operation using the resource, the identity and
           // the Name property value from the requirement.

           return Task.CompletedTask;
       }
   }

Now you can use the following code in your controllers:

if (await authorizationService.AuthorizeAsync(User, document, Operations.Read))
   {
       return View(document);
   }
   else
   {
       return new ChallengeResult();
   }

or in your views:

@if (await AuthorizationService.AuthorizeAsync(User, Model, Operations.Edit))
   {
       <p><a class="btn btn-default" role="button"
           href="@Url.Action("Edit", "Document", new { id = Model.Id })">Edit</a></p>
   }

来源：https://stackoverflow.com/questions/11117395/cancan-gem-for-mvc-net