I'm using the ASP.NET Login Controls and Forms Authentication for membership/credentials for an ASP.NET web application.
我使用ASP。NET登录控件和ASP的成员/凭证的表单身份验证。净的web应用程序。
I've got two roles:
我有两个角色:
- Users
- 用户
- Administrators
- 管理员
I want pages to be viewable by four different groups:
我想让四个不同的组可以看到页面:
- Everyone (Default, Help)
- 每个人(默认情况下,帮助)
- Anonymous (CreateUser, Login, PasswordRecovery)
- 匿名(CreateUser、登录、PasswordRecovery)
- Users (ChangePassword, DataEntry)
- 用户(ChangePassword DataEntry)
- Administrators (Report)
- 管理员(报告)
Expanding on the example in the ASP.NET HOW DO I Video Series: Membership and Roles, I've put those page files into such folders:
在ASP中扩展示例。我如何视频系列:成员和角色,我把那些页面文件放入这样的文件夹:
And I used the ASP.NET Web Site Administration Tool to set up access rules for each folder.
我用的是ASP。NET网站管理工具,为每个文件夹设置访问规则。
It works but seems kludgy to me and it creates issues when Login.aspx is not at the root and with the ReturnUrl parameter of Login.aspx.
它可以工作,但对我来说似乎很笨拙,并且在登录时产生问题。aspx不在根节点,并且具有Login.aspx的ReturnUrl参数。
Is there a better way to do this? Is there perhaps a simple way I can set permissions at the page level rather than at the folder level?
有更好的方法吗?是否有一种简单的方法可以在页面级别而不是文件夹级别设置权限?
3 个解决方案
#1
1
A couple solutions off the top of my head.
我头脑中有几个解。
- You could set up restrictions for each page in your web.config file. This would allow you to have whatever folder hierarchy you wish to use. However, it will require that you keep the web.config file up to date whenever you add additional pages. The nice part of having the folder structure determine accessibility is that you don't have to think about it when you add in new pages.
- 您可以为web中的每个页面设置限制。配置文件。这将允许您使用任何希望使用的文件夹层次结构。然而,它需要你保持网络。无论何时添加其他页面,配置文件都是最新的。文件夹结构确定可访问性的好处在于,在添加新页面时不必考虑它。
- Have your pages inherit from custom classes (i.e. EveryonePage, UserPage, AdminPage, etc.) and put a role check in the Page_Load routine.
- 让您的页面继承自自自定义类(例如,EveryonePage、UserPage、AdminPage等),并在Page_Load例程中放置角色检查。
#2
1
One solution I've used in the past is this:
我过去使用的一个解决方案是:
- Create a base page called 'SecurePage' or something to that effect.
- 创建一个名为“SecurePage”的基础页面或类似的内容。
- Add a property 'AllowedUserRoles' to the base page that is a generic list of user roles List or List where int is the role id.
- 将属性“AllowedUserRoles”添加到基本页面,该页面是用户角色列表或列表的通用列表,其中int是角色id。
- In the Page_Load event of any page extending SecurePage you add each allowed user role to the AllowedUserroles property.
- 在任何页面扩展SecurePage的Page_Load事件中,您将每个允许的用户角色添加到AllowedUserroles属性。
- In the base page override OnLoad() and check if the current user has one of the roles listed in AllowedUserRoles.
- 在基本页覆盖OnLoad()中,检查当前用户是否有在AllowedUserRoles中列出的一个角色。
This allows each page to be customized without you having to put tons of stuff in your web.config to control each page.
这使得每个页面都可以定制,而无需在web上放置大量的内容。配置以控制每个页面。
#3
1
In the master page I define a public property that toggles security checking, defaulted to true. I also declare a string that is a ; delimited list of roles needed for that page.
在母版页中,我定义了一个公共属性,用于切换安全性检查,默认为true。我还声明了一个字符串a;指定页面所需的角色列表。
in the page load of my master page I do the following
在主页的页面加载中,我执行以下操作
if (_secure)
{
if (Request.IsAuthenticated)
{
if (_role.Length > 0)
{
if (PortalSecurity.IsInRoles(_role))
{
return;
}
else
{
accessDenied = true;
}
}
else
{
return;
}
}
}
//do whatever you wanna do to people who dont have access.. bump to a login page or whatever
also you'll have to put
你还得写
at the top of your pages so you can access the extended properties of your master page
在页面的顶部,这样您就可以访问母版页的扩展属性。
#1
1
A couple solutions off the top of my head.
我头脑中有几个解。
- You could set up restrictions for each page in your web.config file. This would allow you to have whatever folder hierarchy you wish to use. However, it will require that you keep the web.config file up to date whenever you add additional pages. The nice part of having the folder structure determine accessibility is that you don't have to think about it when you add in new pages.
- 您可以为web中的每个页面设置限制。配置文件。这将允许您使用任何希望使用的文件夹层次结构。然而,它需要你保持网络。无论何时添加其他页面,配置文件都是最新的。文件夹结构确定可访问性的好处在于,在添加新页面时不必考虑它。
- Have your pages inherit from custom classes (i.e. EveryonePage, UserPage, AdminPage, etc.) and put a role check in the Page_Load routine.
- 让您的页面继承自自自定义类(例如,EveryonePage、UserPage、AdminPage等),并在Page_Load例程中放置角色检查。
#2
1
One solution I've used in the past is this:
我过去使用的一个解决方案是:
- Create a base page called 'SecurePage' or something to that effect.
- 创建一个名为“SecurePage”的基础页面或类似的内容。
- Add a property 'AllowedUserRoles' to the base page that is a generic list of user roles List or List where int is the role id.
- 将属性“AllowedUserRoles”添加到基本页面,该页面是用户角色列表或列表的通用列表,其中int是角色id。
- In the Page_Load event of any page extending SecurePage you add each allowed user role to the AllowedUserroles property.
- 在任何页面扩展SecurePage的Page_Load事件中,您将每个允许的用户角色添加到AllowedUserroles属性。
- In the base page override OnLoad() and check if the current user has one of the roles listed in AllowedUserRoles.
- 在基本页覆盖OnLoad()中,检查当前用户是否有在AllowedUserRoles中列出的一个角色。
This allows each page to be customized without you having to put tons of stuff in your web.config to control each page.
这使得每个页面都可以定制,而无需在web上放置大量的内容。配置以控制每个页面。
#3
1
In the master page I define a public property that toggles security checking, defaulted to true. I also declare a string that is a ; delimited list of roles needed for that page.
在母版页中,我定义了一个公共属性,用于切换安全性检查,默认为true。我还声明了一个字符串a;指定页面所需的角色列表。
in the page load of my master page I do the following
在主页的页面加载中,我执行以下操作
if (_secure)
{
if (Request.IsAuthenticated)
{
if (_role.Length > 0)
{
if (PortalSecurity.IsInRoles(_role))
{
return;
}
else
{
accessDenied = true;
}
}
else
{
return;
}
}
}
//do whatever you wanna do to people who dont have access.. bump to a login page or whatever
also you'll have to put
你还得写
at the top of your pages so you can access the extended properties of your master page
在页面的顶部,这样您就可以访问母版页的扩展属性。