如何使用动态数据和 Active Directory 实施基于角色的安全性?
在 ASP.NET 动态数据站点上使用活动目录角色实现安全性的最佳方法是什么?
我想将某些视图(以及相关链接)限制为某些角色。 即用户A只能查看表x的列表操作,用户B只能查看表y的列表操作
What is the best way to implement security using active directory roles on an asp.net dynamic data site?
I would like to restrict certain views (and the related links) to certain roles.
i.e. user A can only view list actions for table x and user B can only view list actions for table y
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我在很多应用程序中都这样做过。
为您的应用程序启用 Windows 身份验证。
创建一些可以存储用户凭据的对象,并将该对象存储在会话中以便快速检索。 如果它不存在,您可以快速重建它。 我通常将每个角色设置为一点,例如:
然后,每当需要保护控件时,我都会将其传递给一个函数,该函数采用 HtmlControl 和基于用户角色和该控件的安全要求的属性。
例如。 bool SetControlSecurity(HtmlControl ctrl, int iUserRoles, int iControlRoles, ACTION eAction)
因此,执行面板的示例可能是:
SetControlSecurity(pnlUserInfo, YourUserObject.Roles, eRole.Role2, ACTION.Hide);
我通常还会将其作为在安全性失败时执行的操作类型的参数,例如隐藏、只读、清除数据等...
比较函数中的角色很简单:
希望有所帮助。
I have done this in many applications.
Have Windows Authentication enabled for your application.
Make some object that can store user credentials and have that object stored in the session for quick retreival. If it is not there you can quickly rebuild it. I usually have each roles set to a bit eg:
Then anytime a control needs to be secured, I pass it into a function that takes an HtmlControl and a property based on the user's role and the security requirement for that control.
Eg. bool SetControlSecurity(HtmlControl ctrl, int iUserRoles, int iControlRoles, ACTION eAction)
So an example for doing a panel might be:
SetControlSecurity(pnlUserInfo, YourUserObject.Roles, eRole.Role2, ACTION.Hide);
I usually also have it take in a param to the type of action to perform on fail of security like hide, readonly, clear data, etc...
Comparing the role in the function is easy:
Hope that helps.
我的博客上有很多关于此问题的文章。 notaclue.net/2008/05/dynamicdata-attribute-based-security.html" rel="nofollow noreferrer">使用用户角色的基于动态数据属性的权限解决方案和此处
DynamicData:基于数据库的权限 - 第 1 部分 和 I还可以查看使用路由处理程序的 保护 codeplex 上的动态数据示例 。
I have a number of articles on this on my blog here A DynamicData Attribute Based Permission Solution using User Roles and here
DynamicData: Database Based Permissions - Part 1 and I would also have alook at Securing Dynamic Data sample on codeplex which uses a Route Handler.
您可以只使用 ASP.NET Active Directory Memebrship & 角色提供者对应用程序的用户进行身份验证\授权。 然后你可以在你想要检查的地方调用 Roles.IsUserInRole让 AD 角色成员身份在呈现内容之前检查用户是否属于相关组。
You can just use the ASP.NET Active Directory Memebrship & Role providers to authenticate \ authorize the users to the application. Then you can call the Roles.IsUserInRole where ever you want to check for the AD role membership to check users are a part of the relevant group(s) before rendering the contents.