需要 Web.config 授权中的多个角色
是否可以在 web.config 文件的授权元素中指定需要多个角色?目前,我在网站的一个 web.config 中针对特定目录设置了此块:
<authorization>
<allow roles="Global, Region" />
<deny users="*" />
</authorization>
我刚刚确定了一种特殊情况,其中具有比全局和区域两个更低级别权限的人也应该有权访问此目录。粗略地说,我想要这样的东西:
<authorization>
<allow roles="GlobalManager, RegionManager, SiteManager && FooSite" />
<deny users="*" />
</authorization>
有什么想法吗?我意识到我可能应该为这种情况安排一个新角色,但我想避免这种情况。谢谢!
Is it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory:
<authorization>
<allow roles="Global, Region" />
<deny users="*" />
</authorization>
I've just identified a special case where a person with two lower-level permissions than Global and Region should also have access to this directory. Roughly, I want something like this:
<authorization>
<allow roles="GlobalManager, RegionManager, SiteManager && FooSite" />
<deny users="*" />
</authorization>
Any ideas? I realize I probably should have a new role for this scenario, but I'd like to avoid that. Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为您无法通过 web.config 中允许的当前配置来做到这一点。不过,您可以执行以下操作...作为相关页面的
Page_Load事件中的第一行,请使用以下代码 (VB):这行当然假设您正在使用 FormsAuthentication。如果没有,您需要根据您的身份验证方法将
FormsAuthentication.RedirectToLoginPage()替换为适当的代码。我不完全了解您的情况,但根据您的代码,您似乎可以更进一步,添加一个包含用户到站点的映射的表,并执行如下操作:
在公共模块中,添加下面的代码:
然后你可以将前面的代码写成更符合逻辑的内容,例如:
I don't think you can do this via the current configs allowed in web.config. What you could do though is something like the following... as the very first line in your
Page_Loadevent for the page in question, use the following code (VB):This line of course is assuming you are using FormsAuthentication. If not, you would need to replace
FormsAuthentication.RedirectToLoginPage()with the appropriate code depending on your authentication method.I don't know your situation exactly, but based on your code, it looks like you could go one step further, and add a table with a mapping of users to sites, and do something like the following:
In a public module, add the following code:
Then you can write the previous code as something more logical, such as:
我通常用来解决这个问题的方法是在设置用户角色时,创建虚拟角色。因此,如果您希望仅允许学生管理员访问页面,并且用户同时具有学生和管理员角色,则可以添加新的学生管理员角色。
The method I usually use to solve this is when setting the user roles, create virtual roles. Therefore if the you wanted to only allow Student Administrators access to a page were a user has both Student and Administrator roles you could add a new StudentAdministrator role.