ASP.NET authorization settings

Published 2024-09-07 04:28:52, 468 words, 1 view, 0 comments


I want to set up an authorization permission in an ASP.NET application.

Hence, in one particular folder I want to deny access to one particular user whose user role is granted as allowed for that particular folder.

<authorization>
    <allow roles="General" />
    <allow roles="Sale" />
    <allow roles="Administrator" />
    <deny users="admin_test" />
</authorization>

However, when I tried to access the pages in that particular folder using the admin_test account, the system allowed me to access the page instead of denying access.

Can anyone point out what is wrong with the above configuration?

Any help would be much appreciated.

Regards,

Ran


忆沫 2024-09-14 04:28:52


You need to have the deny listed first. The authorization engine will stop on the first matching rule:

At run time, the authorization module iterates through the allow and deny elements, starting at the most local configuration file, until the authorization module finds the first access rule that fits a particular user account. Then, the authorization module grants or denies access to a URL resource depending on whether the first access rule found is an allow or a deny rule.

屋顶上的小猫咪 2024-09-14 04:28:52


According to http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx:

Rules are applied as follows:

Rules contained in application-level configuration files take precedence over inherited rules. The system determines which rule takes precedence by constructing a merged list of all rules for a URL, with the most recent rules (those nearest in the hierarchy) at the head of the list.

Given a set of merged rules for an application, ASP.NET starts at the head of the list and checks rules until the first match is found. The default configuration for ASP.NET contains an element, which authorizes all users. (By default, this rule is applied last.) If no other authorization rules match, the request is allowed. If a match is found and the match is a deny element, the request is returned with the 401 HTTP status code. If an allow element matches, the module allows the request to be processed further.

So if the admin_test user is in any of the General, Sale, or Administrator roles, it will match first and allow access. Try putting the deny rule before the allow rules.
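As an added illustration (not code from either answer or from ASP.NET itself), here is a small Python model of the first-match walk the answers describe, run against the asker's rule order and against the deny-first order. The user name, the role set and the trailing allow-all default are assumptions of the model, and the `*`/`?` handling follows the documented `users` attribute semantics.

```python
# Added example: models how the ASP.NET URL authorization module walks the
# <authorization> rules top-down and stops at the first rule that matches the
# user name or one of the user's roles. Configs and user data are constructed.
import xml.etree.ElementTree as ET

ORIGINAL_CONFIG = """
<authorization>
  <allow roles="General" />
  <allow roles="Sale" />
  <allow roles="Administrator" />
  <deny users="admin_test" />
</authorization>
"""

FIXED_CONFIG = """
<authorization>
  <deny users="admin_test" />
  <allow roles="General" />
  <allow roles="Sale" />
  <allow roles="Administrator" />
</authorization>
"""

def _matches(rule, user, roles, authenticated):
    """Does this <allow>/<deny> rule apply? '*' = everyone, '?' = anonymous users."""
    for u in rule.get("users", "").split(","):
        u = u.strip()
        if u == "*" or (u == "?" and not authenticated) or (u and u == user):
            return True
    for r in rule.get("roles", "").split(","):
        r = r.strip()
        if r and r in roles:
            return True
    return False

def is_allowed(config_xml, user, roles, authenticated=True):
    """First matching rule wins; an unmatched user falls through to the default allow."""
    root = ET.fromstring(config_xml.strip())
    for rule in root:
        if rule.tag in ("allow", "deny") and _matches(rule, user, roles, authenticated):
            return rule.tag == "allow"
    return True  # assumed: machine-level <allow users="*" /> is evaluated last

if __name__ == "__main__":
    roles = {"Administrator"}  # constructed: admin_test holds an allowed role
    print("original order:", is_allowed(ORIGINAL_CONFIG, "admin_test", roles))  # True
    print("deny first:", is_allowed(FIXED_CONFIG, "admin_test", roles))  # False
```

Note that a user in none of the listed roles still falls through to the default allow in this model, which is why a folder that should be restricted normally ends its rule list with an explicit deny-all rule.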
