asp.net-mvc – ASP.NET MVC帐户控制器使用指南？

I’m looking at the MVC account
controller…. it seems to be from
asp.net?

Scott Guthrie在他关于ASP.NET MVC Preview 4的博客条目中解释得很好.他基本上说MVC示例中的Account Controller使用ASP.NET成员资格提供者,因此可以使用其中的任何一个. (我想你可以在互联网上找到关于ASP.NET会员提供商的更多信息.)如果您不想实现/使用其中之一,修改应用程序以使用您自己的用户管理可能是最佳选择.

How do you make use of it in MVC to
restrict what pages a logged in user
can view? Do you have to roll all of
that on your own?

您可以将Authorize属性添加到控制器类或操作方法. (同上source)

// Only logged in users can access this controller.
[Authorize]
public class SomeController : Controller
{
    #region Not really important for this example. :]
    // Maybe rather use a BLL service here instead of the repository from the DAL,but this example is already more verbose than required.
    private IStuffRepository stuffRepository;

    public SomeController(IStuffRepository stuffRepository)
    {
        if (null == stuffRepository)
        {
            throw new ArgumentNullException("stuffRepository");
        }

        this.stuffRepository = stuffRepository;
    }
    #endregion

    // The authorize attribute is inherited - only logged in users can use the index action.
    public ActionResult Index()
    {
        return View();
    }

    // Moderators can flag stuff.
    [Authorize(Roles="Moderator")]
    public ActionResult Flag(int id)
    {
        this.stuffRepository.Flag(id);
        return RedirectToAction("Index");
    }

    // Admins ans SysOps can delete stuff.
    [Authorize(Roles="Admin,SysOp")]
    public ActionResult Delete(int id)
    {
        this.stuffRepository.Delete(id);
        return RedirectToAction("Index");
    }

    // Only joed can change the objects stuff. ;)
    // (This is probably bullshit,of course,but I could not make any better example. I blame the fact it is late at night. :))
    [Authorize(Users="COMPANYjoed")]
    public ActionResult ChangeId(int oldId,int newId)
    {
        this.stuffRepository.ChangeId(oldId,newId);
        return RedirectToAction("Index");
    }
}