如何使用 SQL 存储而不是 web.config 在 ASP.NET 中实现页面授权?
例如,我们现在这样做的方式如下:(在 web.config 中)
<location path="somePath">
<system.web>
<authorization>
<allow roles="approvedRoles"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
而我想做的是将这些信息存储在 SQL 中的某个位置,以便我们可以更轻松地操作这些信息。但我们希望保留 web.config 中的信息提供的相同功能,就像我们可以使用 SqlRoleProvider 而不是在应用程序中硬编码角色一样。换句话说,如果用户当前尝试转到“somePath”并且他们不是“approvedRoles”的成员,那么他们会被重定向回default.aspx,如果他们是“approvedRoles”的成员,那么他们会得到页。我想做同样的事情,但不使用 web.config 作为授权机制。
所以我问的不是如何定义角色,或者如何处理登录到数据库,而是具体如何将上述信息存储在 SQL 而不是 web.config 中。实际上,我现在会选择“除了 web.config 之外的任何地方”。
有什么想法吗?使用“Provider”类可以做到这一点吗?我只是在寻找有关继承内容的指示,也许还有一些 technet 文档。在这方面,我的 googlefoo 缺乏,因为我真的不知道该指向哪里。我真的只是在寻找阿兹曼吗?这个 location-authorization-via-SQL 是否已在默认的 aspnetdb 某处定义,而我错过了它?
就此而言,这个问题是否已经在 SO 上被问过而我错过了?你会用谷歌搜索什么?
For instance, the way we're doing it now is like thus: (in the web.config)
<location path="somePath">
<system.web>
<authorization>
<allow roles="approvedRoles"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
And what I would like to do instead is to store this information in SQL somewhere so that we can manipulate the information more easily. But we want to keep the same functionality that having the information in web.config provides, just like we can use a SqlRoleProvider instead of hardcoding roles in the app. So in other words, if a user currently tries to goto "somePath" and they're not a member of "approvedRoles" then they get redirected back to default.aspx, and if they are a member of "approvedRoles" then they get the page. I want to do the same thing, but without using web.config as the authorization mechanism.
So what I'm NOT asking is how do I go about defining roles, or how do I handle logging in to the database, but specifically how do I store the above information in SQL instead of web.config. Actually, I'll take "anywhere but web.config" for now.
Any ideas? Is this possible using a "Provider" class? I'm just looking for pointers on what to inherit and maybe some technet documentation. In this regard my googlefoo is lacking since I don't really know where to point. Am I really only looking for AzMan? Is this location-authorization-via-SQL already defined in the default aspnetdb somewhere and I'm missing it?
For that matter, has this question already been asked on SO and I've missed it? What would you google?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以编写自己的授权控件,手动检查当前用户所处的角色,并将其与页面列表及其各自的角色权限进行比较,然后将此控件嵌入到您的所有页面中。
You could write your own authorization control that manually checks what roles the current user is in and compares this to a list of pages and their respective role allowances, then embed this control in all your pages.
最好的办法是处理 HttpApplication.AuthorizeRequest 事件。此时,HttpContext.User 对象已设置,您可以进行任何您想要的分析,例如根据 HttpContext.User.IsInRole 和当前请求路径检查数据库表。
The best thing to do is handle the HttpApplication.AuthorizeRequest event. At this point, the HttpContext.User object is set and you can do whatever analysis you want, such as checking a database table against HttpContext.User.IsInRole and the current request path.
自 Windows Server 2008 和 SQL Sever 2008 以来,Azman 可以将 SQL 数据库作为数据存储。如果我没有任何附加到需要迁移到新服务器的旧应用程序,我会选择 Azman。
连接到基于 SQL 的授权存储
Azman can have SQL database as a data store since Windows Server 2008 and SQL Sever 2008. I would go with Azman if I don't have any attach to legacy applications which need to migrate to new servers.
Connect to an SQL-based Authorization Store