ASP.NET Access Control
I am trying to build an ASP.NET 3.5 website that allows users to log in and browse a couple of pages. I would like to restrict certain users to be able to view certain pages but I'm having trouble coming up with a custom and flexible system. I have seen MS's version of this but it's not what I am looking for. Can anyone direct me to some good online articles or even a video tutorial so I can do further research? Thanks!
P.S. I have tried creating a class that inherits from System.Web.UI.Page which does some checking but it's getting messy. All my other pages inherit from that common page. Is this a common practice? How have you guys solved this problem in the past?
Comments (2)
The best way to implement this would be Forms Authentication coupled with a Custom Role Provider.
Hope you know, for Forms Authentication to work, you need not use the complete database setup that MS uses to authenticate.
You can simply have your own Database and Validate a user yourself, and just set the cookie.
This will authenticate the user "CoolGuy" for the session, provided YourMethod returns true.
You can use this, coupled with custom role provider. This gives you the facility to check User.IsInRole("Role"); in your code.
To start with CustomRoleProvider, here is a good reference: http://davidhayden.com/blog/dave/archive/2007/10/17/CreateCustomRoleProviderASPNETRolePermissionsSecurity.aspx
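A minimal sketch of the approach in the answer above, added here as an example and not code from the answer or the linked article: a read-only custom role provider backed by your own data, plus a login helper that sets the forms-authentication cookie only after your own credential check succeeds. The names `AppRoleProvider`, `LoginHelper`, `checkPassword` and the sample users are assumptions, and the provider is assumed to be registered as the default provider in the `<roleManager>` section of web.config.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;

// Hypothetical provider backed by your own data store instead of the MS membership schema.
public class AppRoleProvider : RoleProvider
{
    // Constructed sample data standing in for a database query.
    private static readonly Dictionary<string, string[]> RolesByUser =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new[] { "Admin", "Reports" } },
            { "bob", new[] { "Reports" } }
        };
    public override string ApplicationName { get; set; }

    // With roleManager enabled, User.IsInRole("...") is answered from this method.
    public override string[] GetRolesForUser(string username)
    {
        string[] roles;
        // Unknown or missing user names get no roles, so role checks fail closed.
        return RolesByUser.TryGetValue(username ?? "", out roles) ? roles : new string[0];
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        return Array.IndexOf(GetRolesForUser(username), roleName) >= 0;
    }
    // Role administration is not needed for read-only checks.
    public override void AddUsersToRoles(string[] users, string[] roles) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] users, string[] roles) { throw new NotSupportedException(); }
    public override void CreateRole(string role) { throw new NotSupportedException(); }
    public override bool DeleteRole(string role, bool throwOnPopulated) { throw new NotSupportedException(); }
    public override bool RoleExists(string role) { throw new NotSupportedException(); }
    public override string[] GetAllRoles() { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string role) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string role, string match) { throw new NotSupportedException(); }
}

public static class LoginHelper
{
    // checkPassword stands in for your own credential check ("YourMethod" in the answer).
    public static bool SignIn(string user, string password, Func<string, string, bool> checkPassword)
    {
        if (!checkPassword(user, password)) return false;
        FormsAuthentication.SetAuthCookie(user, false); // false = non-persistent session cookie
        return true;
    }
}
```

A page can then guard itself in `Page_Load` by calling `User.IsInRole("Reports")` and refusing the request when it returns false.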
Well, without knowing the exact details of your app, one thing you could use is the Role Manager built into the Membership API.
Basically, you would create roles for each page and assign users to the roles (pages) you would want them to view.
In the code behind for each page, on the On_Load event, I would simply call the method
For this kind of logic you may want to reconsider using an inherited page, otherwise you're going to have to come up with a way to retrieve the URL of the page and pass that into some long list of if-else or switch statements to call the proper Roles.IsUserInRole method.