asp.net-mvc-4 – 使用ASP.NET MVC进行基于声明的授权

到目前为止,我能找到的是Thinktecture.IdentityModel和this blog在示例网站上实现基于声明的授权.如果你们可以指出一些使用声明的开源项目,那将非常有帮助.

我感兴趣的是如何使用数据库检索我的应用程序的声明.

到目前为止,我所尝试的是使用内存声明存储来模拟数据库,我已经创建了一个CustomClaimsTransformer和CustomAuthorisationManager.

public class CustomClaimsTransformer : ClaimsAuthenticationManager
    {
        public override ClaimsPrincipal Authenticate(string resourceName,ClaimsPrincipal incomingPrincipal)
        {
            //validate name claim
            string nameClaimValue = incomingPrincipal.Identity.Name;

            return CreatePrincipal(nameClaimValue);
        }

        private ClaimsPrincipal CreatePrincipal(string userName)
        {
            int userId = ClaimStore.Users.First(u => u.Value == userName).Key;
            var claims = ClaimStore.ClaimsSet.Where(c => c.Key == userId);

            var claimsCollection = claims.Select(kp => kp.Value).ToList();

            return new ClaimsPrincipal(new ClaimsIdentity(claimsCollection,"Custom"));
        }
    }

public class CustomAuthorisationManager : ClaimsAuthorizationManager
    { 
        public override bool CheckAccess(AuthorizationContext context)
        {
            string resource = context.Resource.First().Value;
            string action = context.Action.First().Value;

            if (action == "Show" && resource == "Code")
            {
                bool likesJava = context.Principal.HasClaim(ClaimStore._httpMyclaimsUsers,"True");
                return likesJava;
            }
            else if (action == "Read" && resource == "Departments")
            {
                bool readDeps = context.Principal.HasClaim(ClaimStore._httpMyclaimsDepartments,"Read");
                return readDeps;
            }
            return false;
        }
    }

如何在没有太多IF条件的情况下在现实场景中实现这些？