* フォーム認証によるロールベースのアクセス制御 [#od342879]
** アクセス制御の仕方 [#afd0ea96]
- アクションクラスまたはアクションメソッドにアノテーションで設定する。
public class HomeController : Controller
{
[Authorize(Roles="Administrations")]
public ActionResult Index() {}
}
** 認証を行うクラス [#sa0dda5b]
- MembershipProviderを継承したカスタムクラスでユーザ認証を行う
- RoleProviderを継承したカスタムクラスでロールの管理を行う
** 認証ユーザの参照 [#wbd947ea]
public ActionResult Index() {
var user = HttpContext.User;
}
** 実装例 [#j39d8a88]
*** MembershipProvider [#k24c73b7]
public class MyCustomMembershipProvider : MembershipProvider
{
public override bool ValidateUser(string username, string password)
{
if (username == "admin" && password == "123456") {
return true;
}
if (username == "user" && password == "123456") {
return true;
}
return false;
}
これ以外のMembershipProviderの抽象メソッドは取り敢えず未実装で良い。
*** RoleProvider [#xabcc019]
public class MyCustomRoleProvider : RoleProvider
{
public override bool IsUserInRole(string username, string roleName)
{
if (username == "admin" && roleName == "Administrators") {
return true;
}
else if (username != "admin" && roleName == "Users") {
return true;
}
return false;
}
public override string[] GetRolesForUser(string username)
{
if (username == "admin") {
return new string[] { "Administrators" };
}
else {
return new string[] { "Users" };
}
}
これ以外のRoleProviderの抽象メソッドは取り敢えず未実装で良い。
*** web.config [#hb11f8c8]
<system.web>
<authentication mode="Forms" >
<forms loginUrl="~/Login/Index"></forms>
</authentication>
<membership defaultProvider="myCustomMembershipProvider">
<providers>
<clear />
<add name="myCustomMembershipProvider" type="WebApplication1.MyCustomMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="myCustomRoleProvider">
<providers>
<clear/>
<add name="myCustomRoleProvider" type="WebApplication1.MyCustomRoleProvider" />
</providers>
</roleManager>
*** Loginコントローラ [#xd83dd6d]
public class LoginController : Controller
{
readonly MyCustomMembershipProvider _membershipProvider = new MyCustomMembershipProvider();
public ActionResult Index()
{
FormsAuthentication.SignOut();
return View();
}
[HttpPost]
public ActionResult Index(UserEntity user)
{
if (_membershipProvider.ValidateUser(user.Username, user.Password)) {
FormsAuthentication.SetAuthCookie(user.Username, false);
return RedirectToAction("Index", "Home");
}
ViewBag.Message = "Username or Password is incorrect.";
return View(user);
}
}
以上でMembershipProviderを使ってユーザ認証を行う。
*** Loginビュー [#la24a9d5]
@model WebApplication1.UserEntity
@{
ViewBag.Title = "Index";
}
<h2>Index</h2>
<div>@ViewBag.Message</div>
@using (Html.BeginForm()) {
@Html.EditorFor(m => m)
<input type="submit" value="LOGIN" />
}
*** Loginビューモデル [#c24b5af3]
public class UserEntity
{
public string Username { get; set; }
public string Password { get; set; }
}
*** アクセス制御をするアクションクラス・メソッド [#pb42e536]
public class HomeController : Controller
{
[Authorize]
public ActionResult Index()
{
return View();
}
[Authorize(Roles="Administrators")]
public ActionResult Index2()
{
return View();
}
}
** 参考 [#wd759be3]
- http://keibalight.wordpress.com/2012/03/04/%e3%80%90f-asp-net-mvc%e3%80%91-%e8%aa%8d%e8%a8%bc%e3%83%95%e3%82%a3%e3%83%ab%e3%82%bf%e3%83%bc%e3%81%ab%e3%82%88%e3%82%8b%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3%e8%aa%8d%e8%a8%bc%e3%82%92%e8%a1%8c/
- http://d.hatena.ne.jp/yezweb/20091013/1255413234
- http://www.dotnet-tricks.com/Tutorial/mvc/G54G220114-Custom-Authentication-and-Authorization-in-ASP.NET-MVC.html
- http://typecastexception.com/post/2013/11/11/Extending-Identity-Accounts-and-Implementing-Role-Based-Authentication-in-ASPNET-MVC-5.aspx
*** 外部認証 app_start\startup.auth.cs [#m89339f7]
http://weblogs.asp.net/imranbaloch/archive/2013/07/18/configuring-asp-net-mvc-5-login-options.aspx