I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectered to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?
我需要限制对某些人访问我的管理员文件夹。那些没有身份验证票证的人应该被重定向到“不允许的页面”。如何识别管理员文件夹中的所有页面。我到目前为止但是可以吗?
If url.Contains("/admin") Then
如果url.Contains(“/ admin”)那么
'If authentication ticket incorrect then
'如果验证票不正确那么
`Response.Redirect("~/notallowed_admin.aspx")`
End If
And not, I cannot use my web.config for this particular issue.
而不是,我不能使用我的web.config来解决这个特殊问题。
Many thanks
2 个解决方案
#1
1
You should put the security check to Global.asax
您应该将安全检查放到Global.asax
Also, it would be wise to replace you condition with more precise match by regexp to avoid occasional mismatches.
此外,用regexp更精确匹配来替换你的条件是明智的,以避免偶尔的不匹配。
protected override void Application_BeginRequest(Object sender, EventArgs e) {
if (Regex.IsMatch(Request.Url.ToString(),@".*/system\.aspx/admin.*\.aspx",RegexOptions.IgnoreCase)) {
Response.Redirect("~/AdminSecurityCheck.aspx");
return;
}
.......
}
#2
0
If url.contains("/admin") should be sufficient in most cases. Most programmers would find it to be a bit if a KLUDGE, though.
如果url.contains(“/ admin”)在大多数情况下应该足够了。然而,大多数程序员会发现它有点像KLUDGE。
You could also write an abstract class to inherit from the Page class which contains the code to check the authorization and then redirect. Then, you could declare the classes for all the code-behind files in the admin folder to inherit the class.
您还可以编写一个抽象类来从Page类继承,该类包含检查授权然后重定向的代码。然后,您可以为admin文件夹中的所有代码隐藏文件声明类以继承该类。
I believe that yes, what you want to do is possible, though anything you do will be a bit of a KLUDGE form a .net point of view because web.config is what MS provides to specify how to do authorization.
我相信是的,你想做的事情是可能的,尽管你所做的任何事情都会从.net的角度来看,因为web.config是MS提供的用于指定授权的方式。
#1
1
You should put the security check to Global.asax
您应该将安全检查放到Global.asax
Also, it would be wise to replace you condition with more precise match by regexp to avoid occasional mismatches.
此外,用regexp更精确匹配来替换你的条件是明智的,以避免偶尔的不匹配。
protected override void Application_BeginRequest(Object sender, EventArgs e) {
if (Regex.IsMatch(Request.Url.ToString(),@".*/system\.aspx/admin.*\.aspx",RegexOptions.IgnoreCase)) {
Response.Redirect("~/AdminSecurityCheck.aspx");
return;
}
.......
}
#2
0
If url.contains("/admin") should be sufficient in most cases. Most programmers would find it to be a bit if a KLUDGE, though.
如果url.contains(“/ admin”)在大多数情况下应该足够了。然而,大多数程序员会发现它有点像KLUDGE。
You could also write an abstract class to inherit from the Page class which contains the code to check the authorization and then redirect. Then, you could declare the classes for all the code-behind files in the admin folder to inherit the class.
您还可以编写一个抽象类来从Page类继承,该类包含检查授权然后重定向的代码。然后,您可以为admin文件夹中的所有代码隐藏文件声明类以继承该类。
I believe that yes, what you want to do is possible, though anything you do will be a bit of a KLUDGE form a .net point of view because web.config is what MS provides to specify how to do authorization.
我相信是的,你想做的事情是可能的,尽管你所做的任何事情都会从.net的角度来看,因为web.config是MS提供的用于指定授权的方式。