ASP.NET 2.0 Security Membership Provider Pattern

Time: 2022-11-07 03:15:22

I am creating a website in ASP MVC. Can anyone give me some advice on using the built-in membership provider in the following way.

I want my users to create an Administrative account for themselves and then create accounts for the people in their organization, or the people that they want to give access to.

I guess in a Database it will look something like this:

Companies have Administrators. Administrators can give users access.

I am sure this pattern is used all over the place, I am just not sure how to implement it. Especially using the membership providers.

Thanks,

David

3 Answers

#1


1  

There is nothing special in implementing this. It can be easily accomplished by built-in features of ASP.NET 2.0:

  1. Configure Web site to use membership (via web.config)
  2. Enable role management (via web.config <roles enabled="true"> tag)
  3. Add administrator accounts to Administrators role.
  4. Control access to the administrative pages by using [Authorize(Roles="Administrators")] attribute in the controller action.
  5. Require authentication on other non-admin actions ([Authorize])

#2


0  

When I did this, I used the Membership Provider for authentication; however, the organization concept I created externally from the Provider. You could use the Profile Provider.

As for roles I would still use the Roles within the ASP.Net Membership Model.

#3


0  

You can create a role for those people and name it something like organizational-admin, though that's a bit long, you catch my drift :). And give those the power to create users with a regular user role. At least that's how I did it in one of my applications.

Of course you'll keep the admin to yourself or to the person who is in charge of this particular site.

Gu's blog has a small example of how to implement the roles in an action filter.
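
An added sketch (not code from any of the answers above) combining the three suggestions: a role-gated MVC action where an organization administrator creates a regular user, with the company link stored outside the membership provider. The role names "OrganizationAdmin" and "User", the `ICompanyStore` interface, and the controller name are assumptions for illustration; the roles must already exist, the membership provider is assumed to have `requiresQuestionAndAnswer="false"`, and a controller factory is assumed to supply the store.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical store for the user-to-company link, kept outside the membership provider.
public interface ICompanyStore
{
    int GetCompanyIdForUser(object providerUserKey);
    void AddUserToCompany(object providerUserKey, int companyId);
}

// Only members of the (assumed) "OrganizationAdmin" role reach any action here.
[Authorize(Roles = "OrganizationAdmin")]
public class CompanyUsersController : Controller
{
    private readonly ICompanyStore _companies;

    public CompanyUsersController(ICompanyStore companies)
    {
        _companies = companies;
    }

    public ActionResult Index() { return View(); }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(string userName, string password, string email)
    {
        // The company is read from the signed-in administrator's own record,
        // never from a posted field, so an admin cannot add users to another company.
        MembershipUser admin = Membership.GetUser();
        if (admin == null) return new HttpUnauthorizedResult();
        int companyId = _companies.GetCompanyIdForUser(admin.ProviderUserKey);

        MembershipCreateStatus status;
        MembershipUser created = Membership.CreateUser(
            userName, password, email, null, null, true, out status);
        if (status != MembershipCreateStatus.Success)
        {
            ModelState.AddModelError("userName", status.ToString());
            return View();
        }

        // The role is fixed server-side: new accounts are always regular users.
        Roles.AddUserToRole(created.UserName, "User");
        _companies.AddUserToCompany(created.ProviderUserKey, companyId);
        return RedirectToAction("Index");
    }
}
```

Because neither the target role nor the company id is accepted from the request, the action cannot be used to grant an administrative role or to place an account in a different organization.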
