ASP.Net Web Forms entity-level access control

Time: 2021-10-09 03:18:06

I have an ASP.Net Web Forms application in which I'm using forms-based authentication with Membership and Role providers, which is fine for authenticating and controlling access to directories and/or files. Now I find myself needing to control read, write and delete access on individual entity instances, for example being able to update or delete an instance of a customer. I've been trying to think of a good way to implement this but I don't really know where to start. I read about the Authorize attribute in ASP.Net MVC and thought it would be nice to have something analogous--decorating methods the way you can controller actions in ASP.Net MVC. I don't know of any out of the box way to accomplish this in the Web Forms world though, and don't know of any frameworks or other tools that might help me move in that direction. Any suggestions, both in terms of existing solutions and/or how to design my own implementation would be greatly appreciated.


2 solutions

#1


The easiest way is to demand that the user is a member of the role(s) required for the method in question with PrincipalPermissionAttribute.


using System.Security.Permissions;

// Declarative demand: checked against Thread.CurrentPrincipal when the method is called.
[PrincipalPermission(SecurityAction.Demand, Role="Supervisor")]
[PrincipalPermission(SecurityAction.Demand, Role="Owner")]
public void DeleteSomething() { /* ... */ }

Note that this means Supervisor OR Owner can DeleteSomething().


#2


I don't think "PrincipalPermission" is a good approach. What if I need to allow DeleteSomething() for another role? Similarly, if I need to remove an existing role for DeleteSomething()? The only way is changing the attributes at code level. This is not at all feasible for big projects.


I am also looking for a nice solution.

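An added example (my own code, not from the question or either answer) of the data-driven alternative the second answer asks for: the role-to-operation mapping is a table rather than attributes, and an instance-level ownership test covers the "who may update this customer" case from the question. EntityAuthorizer, Customer, Operation and the role name "Clerk" are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public enum Operation { Read, Write, Delete }

public class Customer
{
    public int Id { get; set; }
    public string OwnerUserName { get; set; }   // user who owns this instance
}

public static class EntityAuthorizer
{
    // Roles allowed per operation on Customer. Hypothetical table: in a real app
    // load it from a database or config so it can change without recompiling.
    static readonly Dictionary<Operation, string[]> CustomerRoles =
        new Dictionary<Operation, string[]>
        {
            { Operation.Read,   new[] { "Supervisor", "Clerk" } },
            { Operation.Write,  new[] { "Supervisor" } },
            { Operation.Delete, new[] { "Supervisor" } },
        };

    // Allowed if the user holds a role mapped to the operation, or owns the
    // instance (owners may read and write their own record but not delete it).
    // Anything else is denied, so a missing rule fails closed.
    public static bool IsAllowed(IPrincipal user, Operation op, Customer c)
    {
        if (user == null || !user.Identity.IsAuthenticated) return false;
        foreach (var role in CustomerRoles[op])
            if (user.IsInRole(role)) return true;
        bool isOwner = string.Equals(user.Identity.Name, c.OwnerUserName,
                                     StringComparison.OrdinalIgnoreCase);
        return isOwner && op != Operation.Delete;
    }
}

class Demo
{
    static void Main()
    {
        // In ASP.NET pass HttpContext.Current.User; a GenericPrincipal stands in here.
        var alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Clerk" });
        var customer = new Customer { Id = 42, OwnerUserName = "alice" };
        Console.WriteLine(EntityAuthorizer.IsAllowed(alice, Operation.Write, customer));
        Console.WriteLine(EntityAuthorizer.IsAllowed(alice, Operation.Delete, customer));
    }
}
```

Call IsAllowed from the page's code-behind before loading, saving or deleting the entity, not only when rendering buttons, so that a hand-crafted postback cannot bypass the check.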
