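You can achieve this at the core of your system by, for example, having a field in your data store that identifies the creator and the users who have permission.
You can then implement your own authorization attribute, like this: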
using System.Web;
using System.Web.Mvc;

public class CustomAuthenticateAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // your own business logic, for instance, check if the user is the
        // creator of the requested resource (check a database field you
        // have created to identify the creator etc...)
        // if that goes well authorize using regular roles, below
        return base.AuthorizeCore(httpContext);
    }
}
You would then decorate your controller with:
[CustomAuthenticate(Roles = "editors")]
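One way to fill in the ownership check that the code comment above describes, as an added example that is not part of the original answer. `IOwnerLookup`, `InMemoryOwnerLookup`, the `{id}` route parameter and the sample users are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;

// Hypothetical lookup: resource id -> user name stored in the "creator" field.
public interface IOwnerLookup { string GetCreator(string resourceId); }
// Constructed sample data standing in for the data-store field.
public class InMemoryOwnerLookup : IOwnerLookup
{
    private static readonly Dictionary<string, string> Creators =
        new Dictionary<string, string> { { "1", "alice" }, { "2", "bob" } };
    public string GetCreator(string resourceId)
    {
        string creator;
        return resourceId != null && Creators.TryGetValue(resourceId, out creator) ? creator : null;
    }
}

public class CreatorAndRoleAuthorizeAttribute : AuthorizeAttribute
{
    // Attribute instances can be shared across requests: keep no per-request state here.
    private static readonly IOwnerLookup Owners = new InMemoryOwnerLookup();

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;

        // Assumes the route carries the resource key as {id}.
        var id = httpContext.Request.RequestContext.RouteData.Values["id"] as string;
        var creator = Owners.GetCreator(id);
        // Fail closed: an unknown resource or a different creator is denied.
        if (creator == null || !string.Equals(creator, user.Identity.Name, StringComparison.Ordinal))
            return false;
        // Creator check passed; now apply the regular Roles/Users check.
        return base.AuthorizeCore(httpContext);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed-in but not allowed: 403 instead of a redirect to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applied as `[CreatorAndRoleAuthorize(Roles = "editors")]`, a request passes only when the signed-in user is both the recorded creator of the resource and a member of the role.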