如何使用角色保护ASP.Net中的网页?

时间:2022-02-26 18:30:20

In my application I have different roles and offcourse multiple pages. How do I secure webpages that may not be accessed by certain roles?

在我的应用程序中,我有不同的角色和幕外多页。如何保护某些角色无法访问的网页?

Imagine group 1 has access to webpage a.aspx, b.aspx and c.aspx but not to webpage d.aspx. How do i secure that when a user of group 1 types in d.aspx he cannot view the page?

想象一下,第1组可以访问网页a.aspx,b.aspx和c.aspx,但不能访问网页d.aspx。当组1的用户在d.aspx中键入时,如何确保无法查看该页面?

3 个解决方案

#1


You have to add in web.config, which Role can get which page.

您必须添加web.config,哪个Role可以获取哪个页面。

<location path="yourPage.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>
            <allow roles="Super Admin"/>
                            <deny users="Admin"/>

        </authorization>
    </system.web>
</location>

#2


This is a big topic but I think what you want to look into is the ASP.NET Membership Provider.

这是一个很大的主题,但我认为您要查看的是ASP.NET成员资格提供程序。

I would start here: Examining ASP.NET 2.0's Membership, Roles, and Profile.

我将从这里开始:检查ASP.NET 2.0的成员资格,角色和配置文件。

There's one thing messageboard websites, eCommerce websites, social network websites, and portal websites share in common: they all provide user accounts. These websites, and many others, allow (or require) visitors to create an account in order to utilize certain functionality. For example, a messageboard website, like ASPMessageboard.com, allows anonymous and authenticated visitors to view and search the posts in the various forums. However, in order to be able to post a new thread or reply to a message a visitor must have an account and must log into the site.

有一件事留言板网站,电子商务网站,社交网络网站和门户网站共有:它们都提供用户帐户。这些网站和许多其他网站允许(或要求)访问者创建帐户以利用某些功能。例如,一个留言板网站,如ASPMessageboard.com,允许匿名和经过身份验证的访问者查看和搜索各种论坛中的帖子。但是,为了能够发布新帖子或回复邮件,访问者必须拥有一个帐户并且必须登录该站点。

#3


This might help you.

这可能对你有帮助。

Authorization module which applies authorization to matching urls: http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule

授权模块将授权应用于匹配网址:http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule

#1


You have to add in web.config, which Role can get which page.

您必须添加web.config,哪个Role可以获取哪个页面。

<location path="yourPage.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>
            <allow roles="Super Admin"/>
                            <deny users="Admin"/>

        </authorization>
    </system.web>
</location>

#2


This is a big topic but I think what you want to look into is the ASP.NET Membership Provider.

这是一个很大的主题,但我认为您要查看的是ASP.NET成员资格提供程序。

I would start here: Examining ASP.NET 2.0's Membership, Roles, and Profile.

我将从这里开始:检查ASP.NET 2.0的成员资格,角色和配置文件。

There's one thing messageboard websites, eCommerce websites, social network websites, and portal websites share in common: they all provide user accounts. These websites, and many others, allow (or require) visitors to create an account in order to utilize certain functionality. For example, a messageboard website, like ASPMessageboard.com, allows anonymous and authenticated visitors to view and search the posts in the various forums. However, in order to be able to post a new thread or reply to a message a visitor must have an account and must log into the site.

有一件事留言板网站,电子商务网站,社交网络网站和门户网站共有:它们都提供用户帐户。这些网站和许多其他网站允许(或要求)访问者创建帐户以利用某些功能。例如,一个留言板网站,如ASPMessageboard.com,允许匿名和经过身份验证的访问者查看和搜索各种论坛中的帖子。但是,为了能够发布新帖子或回复邮件,访问者必须拥有一个帐户并且必须登录该站点。

#3


This might help you.

这可能对你有帮助。

Authorization module which applies authorization to matching urls: http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule

授权模块将授权应用于匹配网址:http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule