In my code-behind class, how do I retrieve the authorized roles?

Time: 2022-07-02 02:40:08

I have the following in my web.config:

<location path="RestrictedPage.aspx">
    <system.web>
        <authorization>
            <allow roles="Group1Admin, Group3Admin, Group7Admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

Within RestrictedPage.aspx.cs, how do I retrieve the allowed roles collection that contains Group1Admin, Group3Admin, and Group7Admin?

Here's why I ask:

The web.config is handling the authorization to the page. That works fine. But I'm going to have a couple of these pages (say RestrictedPage.aspx, RestrictedPage2.aspx, RestrictedPage3.aspx). Each of these pages is going to have my custom webcontrol on it. And each of these pages will have different allowed roles. My webcontrol has a dropdown list. The choices within the dropdown depend on the intersection of the user's roles and the page's allowed roles.

As mentioned below, searching the web.config with XPath would probably work. I was just hoping for something more framework-y. Kind of like SiteMap. When I put roles in my web.sitemap, I can grab them using SiteMap.CurrentNode.Roles (my website is using Windows authentication, so I can't use web.sitemap for security trimming and I'd rather maintain roles in only one file).

5 solutions

#1


3  

// Requires: using System.Configuration; using System.Web.Configuration;
// set the configuration path to your config file
string configPath = "??";

Configuration config = WebConfigurationManager.OpenWebConfiguration(configPath);

// Get the object related to the <authorization> section.
AuthorizationSection section = (AuthorizationSection)config.GetSection("system.web/authorization");

From the section object, get the AuthorizationRuleCollection object, where you can then extract the Roles.

Note: You'll probably need to modify the path to the section a bit, since you start with <location path="RestrictedPage.aspx">; I didn't try that scenario.

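An added example, not part of the answer above or of the original thread: one way to read the `<allow roles="...">` rules that apply to a page and intersect them with the current user's roles, as the question asks. `PageRoleHelper` and its method names are hypothetical; it assumes the two-argument `WebConfigurationManager.GetSection` resolves `<location>` rules for the given virtual path.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Configuration;

// Hypothetical helper (name and shape are assumptions, not from the answers).
public static class PageRoleHelper
{
    // Roles listed in <allow roles="..."> rules that apply to virtualPath,
    // e.g. Request.FilePath ("/MyApp/RestrictedPage.aspx").
    public static List<string> GetAllowedRoles(string virtualPath)
    {
        var section = (AuthorizationSection)WebConfigurationManager.GetSection(
            "system.web/authorization", virtualPath);
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var roles = new List<string>();
        if (section == null) return roles;

        foreach (AuthorizationRule rule in section.Rules)
        {
            // Skip <deny> rules; inherited rules such as <allow users="*"/>
            // carry no role names and contribute nothing here.
            if (rule.Action != AuthorizationRuleAction.Allow) continue;
            foreach (string role in rule.Roles)
            {
                string name = role.Trim();
                if (name.Length > 0 && seen.Add(name)) roles.Add(name);
            }
        }
        return roles;
    }

    // Intersection of the page's allowed roles and the current user's roles.
    public static List<string> GetSelectableRoles(IPrincipal user, string virtualPath)
    {
        var result = new List<string>();
        foreach (string role in GetAllowedRoles(virtualPath))
        {
            if (user.IsInRole(role)) result.Add(role);
        }
        return result;
    }
}

// In RestrictedPage.aspx.cs or the web control:
//   var choices = PageRoleHelper.GetSelectableRoles(Page.User, Request.FilePath);
// On postback, check the submitted value against the same list again rather
// than trusting what the browser sent.
```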

#2


0  

if (User.IsInRole("Group1Admin")) { /* do stuff */ }

Is that what you're asking?

#3


0  

I'm not sure for certain, but I would have thought that this is checked before your page is even processed, so if a user is not in a role they would never reach your page. Which ultimately would make the visibility of this redundant in the page.

#4


0  

I'm convinced that there is a better way to read this information, but here is a way that you can read the allow values from a web.config file.

// Requires: using System.Xml;
XmlDocument webConfigReader = new XmlDocument();
webConfigReader.Load(Server.MapPath("web.config"));

// Single quotes inside the XPath so the C# string literal stays valid.
XmlNodeList root = webConfigReader.SelectNodes("//location[@path='RestrictedPage.aspx']//allow//@roles");

foreach (XmlNode node in root)
{
     Response.Write(node.Value);
}

Of course, the ASP.NET role provider will handle this for you, so reading these values is only really relevant if you plan to do something with them in the code-behind beside authorizing users, which you may be doing.

Hope this helps--you may have to split your result using the , character.

#5


0  

What typically happens is this...

When the user hits your page, if authentication/authorization is active, the Application_Authentication event is raised. Unless you are using Windows Authentication against something like Active Directory, the IPrincipal and Identity objects will not be available to you, so you can't access the User.IsInRole() method. However, you CAN do this by adding the following code into your Global.asax file:

' Requires: Imports System.Security.Principal, Imports System.Web.Security
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)

      Dim formsAuthTicket As FormsAuthenticationTicket
      Dim httpCook As HttpCookie
      Dim objGenericIdentity As GenericIdentity
      Dim objMyAppPrincipal As CustomPrincipal
      Dim strRoles As String()

      Log.Info("Starting Application AuthenticateRequest Method...")

      httpCook = Context.Request.Cookies.Get("authCookieEAF")
      ' No auth cookie on this request (e.g. not signed in yet): nothing to decrypt.
      If httpCook Is Nothing OrElse String.IsNullOrEmpty(httpCook.Value) Then Return

      formsAuthTicket = FormsAuthentication.Decrypt(httpCook.Value)
      If formsAuthTicket Is Nothing Then Return

      ' Roles are stored pipe-delimited in the ticket's UserData.
      objGenericIdentity = New GenericIdentity(formsAuthTicket.Name)
      strRoles = formsAuthTicket.UserData.Split("|"c)
      objMyAppPrincipal = New CustomPrincipal(objGenericIdentity, strRoles)
      HttpContext.Current.User = objMyAppPrincipal

      Log.Info("Application AuthenticateRequest Method Complete.")

End Sub

This will put a cookie into the browser session with the proper user and role credentials you can access in the web app.

Ideally, your user is only going to be in one role in an application, so I believe that is why you have the role check method available to you. It would be easy enough to write a helper method for you that would iterate through the list of roles in the application and test to see what role they are in.
