I have updated the Home controller to add a new action method and pass some information about the authenticated user to the view, as shown in Listing 14-17.
我也更新了Home控制器，添加了一个新的动作方法，并将已认证用户的一些信息传递给视图，如清单14-17所示。

Listing 14-17. Adding an Action Method and Account Information to the HomeController.cs File
清单14-17. 在HomeController.cs文件中添加动作方法和账号信息

using System.Web.Mvc; using System.Collections.Generic; using System.Web; using System.Security.Principal;
namespace Users.Controllers {
public class HomeController : Controller {
[Authorize] public ActionResult Index() { return View(GetData("Index")); }
[Authorize(Roles="Users")] public ActionResult OtherAction() { return View("Index", GetData("OtherAction")); }
private Dictionary<string, object> GetData(string actionName) { Dictionary<string, object> dict = new Dictionary<string, object>(); dict.Add("Action", actionName); dict.Add("User", HttpContext.User.Identity.Name); dict.Add("Authenticated", HttpContext.User.Identity.IsAuthenticated); dict.Add("Auth Type", HttpContext.User.Identity.AuthenticationType); dict.Add("In Users Role", HttpContext.User.IsInRole("Users")); return dict; } } }

I have left the Authorize attribute unchanged for the Index action method, but I have set the Roles property when applying the attribute to the OtherAction method, specifying that only members of the Users role should be able to access it. I also defined a GetData method, which adds some basic information about the user identity, using the properties available through the HttpContext object. The final change I made was to the Index.cshtml file in the Views/Home folder, which is used by both actions in the Home controller, to add a link that targets the Logout method in the Account controller, as shown in Listing 14-18.
我没有改变Index动作方法上的Authorize注解属性，但将该属性运用于OtherAction方法时，已经设置了Roles属性，指明只有Users角色的成员才能够访问它。我还定义了一个GetData方法，它添加了一些有关用户标识的基本信息，这是通过HttpContext对象可用的属性获得的。最后所做的修改是Views/Home文件夹中的Index.cshtml文件，它是由Home控制器中的两个动作使用的，我在其中添加了一些以Account控制器中的Logout方法为目标的链接，如清单14-18所示。

Listing 14-18. Adding a Sign-Out Link to the Index.cshtml File in the Views/Home Folder
清单14-18. 在Views/Home文件夹中的Index.cshtml文件中添加Sign-Out（签出）链接

@{ ViewBag.Title = "Index"; }
<div> <div>User Details</div> <table> @foreach (string key in Model.Keys) { <tr> <th>@key</th> <td>@Model[key]</td> </tr> } </table> </div>
@Html.ActionLink("Sign Out", "Logout", "Account", null, new {@class = "btn btn-primary"})

Tip the Authorize attribute can also be used to authorize access based on a list of individual usernames. This is an appealing feature for small projects, but it means you have to change the code in your controllers each time the set of users you are authorizing changes, and that usually means having to go through the test-and-deploy cycle again. Using roles for authorization isolates the application from changes in individual user accounts and allows you to control access to the application through the memberships stored by ASP.NET Identity.
提示：Authorize注解属性也能够用来根据个别用户名进行授权访问。这是一个对小型项目很吸引人的特性，但这意味着，你每次授权的用户集合发生变化时，必须修改控制器中的代码，这也意味着，要重走一遍从测试到部署的开发周期。使用角色授权将应用程序与修改个别用户账号隔离开来，使你能够通过ASP.NET Identity存储的成员来控制对应用程序的访问。

To test the authentication, start the application and navigate to the /Home/Index URL. Your browser will be redirected so that you can enter user credentials. It doesn’t matter which of the user details from Table 14-10 you choose to authenticate with because the Authorize attribute applied to the Index action allows access to any authenticated user.
为了测试认证，启动应用程序，并导航到/Home/Index URL。浏览器将被重定向，让你输入用户凭据。选用表14-10中的哪一个用户细节进行认证没有多大关系，因为运用于Index动作的Authorize注解属性允许任何已认证用户进行访问