How to manage roles in ASP.NET using FORMS
So I'm making a login system for my ASP.NET site. There are 3 different types of users. I've discovered that FORMS can manage roles, so I decided to try this.
I have everything working with authentication in FORMS currently, but without roles. I found this piece of code that should limit access to a specific page. But everyone can still access that page, which is odd because I haven't added anyone to the role "member". To start off with, I only added 1 role to see if people were blocked from the page.
    <configuration>
      <connectionStrings>
        //EDITED
      </connectionStrings>
      <system.web>
        <roleManager enabled="true" />
        <customErrors mode="Off">
        </customErrors>
        <authentication mode="Forms">
          <forms name=".ASPXAUTH"
                 loginUrl="login.aspx"
                 protection="All"
                 timeout="30"
                 path="/">
          </forms>
        </authentication>
        <authorization>
          <deny users="?" />
          <allow users="*" />
        </authorization>
      </system.web>
      <location path="RandomPage.aspx">
        <system.web>
          <authorization>
            <allow roles="Member" />
            <deny users="*" />
          </authorization>
        </system.web>
      </location>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>
    </configuration>
Code for adding the roles to FormsAuthenticationTicket. p.userRole contains the string "Member".
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                               // ticket version
        p.firstName,                     // username
        DateTime.Now,                    // issue time
        DateTime.Now.AddMinutes(30),     // expiration time
        false,                           // true for persistent user cookie
        p.userRole + "",                 // userData: the role string
        FormsAuthentication.FormsCookiePath);
    // Encrypt the ticket and send it as the forms authentication cookie
    string hashCookies = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);
    Response.Cookies.Add(cookie);
    Response.Redirect("Default.aspx");
Comments (1)
I am sure you did not add roles to the FormsAuthenticationTicket after successful login. It should be like... You need to pass the roles of the logged-in user to the FormsAuthenticationTicket to get it to work, as you just added permission rights only in the web.config file.
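One way to make a role stored in the ticket visible to the `<allow roles="Member" />` rule, as an added example (not code from the question or the answer). It assumes role names are stored comma-separated in the ticket's UserData, as the question's p.userRole value is, and that this class is the application's Global.asax code-behind.

```csharp
// Global.asax.cs - added example; the comma-separated UserData format is an assumption.
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // FormsAuthenticationModule has already validated and decrypted the cookie
    // by this stage; UrlAuthorizationModule (which evaluates <allow roles="...">)
    // runs later, at AuthorizeRequest, and calls Context.User.IsInRole().
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        if (Context.User == null)
            return; // anonymous request: <deny users="?" /> sends it to login.aspx

        FormsIdentity identity = Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return;

        // The ticket exposed here is the one the framework accepted, so with
        // protection="All" its UserData has passed the integrity check.
        string userData = identity.Ticket.UserData ?? string.Empty;
        string[] roles = Array.ConvertAll(
            userData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries),
            r => r.Trim());

        // Replace the role-less principal with one that carries the roles.
        GenericPrincipal principal = new GenericPrincipal(identity, roles);
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

With `<roleManager enabled="true" />` as in the question, RoleManagerModule also assigns Context.User during PostAuthenticateRequest from its own role provider; if the ticket is the only source of roles, disabling roleManager leaves a single source of truth for authorization.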