RoleProvider 挂接到 ASP.NET 管道中的哪个位置?

发布于 2024-11-10 06:36:23 字数 269 浏览 5 评论 0原文

据我所知,唯一使用 RoleProvider 的地方是当您使用 Authorize 属性时。我还可以在哪里使用 RoleProvider 以及除了我可能专门引用角色的地方之外的任何地方都会调用它(我的想法类似于登录控件如何自动使用 MembershipProvider)

换句话说,如果我编写我自己的角色管理层,但不实现实际的 RoleProvider 契约,我会错过 ASP.NET 中的哪些内置功能?

The only place I know of that a RoleProvider gets used is when you use an Authorize attribute. Where else can I use a RoleProvider and does it get invoked anywhere other than places I might specifically reference roles (I'm thinking similar to how the Login controls automatically use MembershipProvider)

Said in another way, if I write my own role management layer, but don't implement the actual RoleProvider contract, what built-in functionality in ASP.NET will I be missing out on?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

自控 2024-11-17 06:36:23

以下是内置 RoleProvider 增加价值的几种方式:

1:LoginView 控件使用角色来允许您向不同的角色显示不同的内容。它将挂钩到 RoleProvider 来执行此操作。

通过 LoginView 控件使用角色的示例:

<asp:LoginView id="LoginView1" runat="server">
    <RoleGroups>
        <asp:RoleGroup Roles="author">
            <ContentTemplate>
                some content here based on if user is in 'author' role....
            </ContentTemplate>
        </asp:RoleGroup>
        <asp:RoleGroup Roles="editor">
            <ContentTemplate>
                some content here based on if user is in 'editor' role....
            </ContentTemplate>
        </asp:RoleGroup>
    </RoleGroups>
</asp:LoginView>

2:您可以通过 web.config 设置授予对服务器上物理路径(即子文件夹等)的访问权限,如:

<configuration>
  <location path="MemberPages">
    <system.web>
      <authorization>
        <allow roles="members, administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- other configuration settings here -->
<configuration>

3:您可以轻松检测用户角色并在代码中执行操作,如:

if (User.IsInRole("members"))
{
   //do something
}
else
{
   //do something else
}

列表不胜枚举。老实说,这个讨论已经进行过很多次了——不要通过创建自己的角色系统来重新发明轮子。只需实现抽象角色提供者即可完成。这是一篇关于 ASP.NET 中的角色管理

编辑:在您澄清您实际上想知道 RoleProvider 在 MVC 下如何为您带来好处之后,您需要的内容如下:

ASP.NET MVC - 角色提供程序的替代方案?

Here are a few ways the built-in RoleProvider adds value:

1: The LoginView control uses roles to allow you to show different content to different roles. It will hook into the RoleProvider to do so.

Example of using roles with the LoginView control:

<asp:LoginView id="LoginView1" runat="server">
    <RoleGroups>
        <asp:RoleGroup Roles="author">
            <ContentTemplate>
                some content here based on if user is in 'author' role....
            </ContentTemplate>
        </asp:RoleGroup>
        <asp:RoleGroup Roles="editor">
            <ContentTemplate>
                some content here based on if user is in 'editor' role....
            </ContentTemplate>
        </asp:RoleGroup>
    </RoleGroups>
</asp:LoginView>

2: You can grant access to physical paths on the server (i.e. subfolders, etc.) by web.config settings, such as:

<configuration>
  <location path="MemberPages">
    <system.web>
      <authorization>
        <allow roles="members, administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- other configuration settings here -->
<configuration>

3: You can easily detect user roles and take actions in code, such as:

if (User.IsInRole("members"))
{
   //do something
}
else
{
   //do something else
}

The list goes on and on. This discussion has honestly been had many times - don't reinvent the wheel by creating your own role system. Just implement the abstract role provider and be done with it. Here is a good article on the background of Role Management in ASP.NET.

EDIT: After you clarified you actually want to know how the RoleProvider benefits you under MVC, here is what you are looking for:

ASP.NET MVC - Alternative to Role Provider?

ま昔日黯然 2024-11-17 06:36:23

对您的问题的直接回答是“”。 RoleProvider 或任何其他提供程序不参与 ASP.Net 的主流管道,并且 ASP.Net 请求不需要任何 RoleProvider 来完成请求。

我不会提供技术材料,而是回答一个更具哲学性的答案,并尊重 KP 在答案中所做的努力。

RoleProvider 基本上是 ASP.Net 的功能附加组件,可让您在角色系统上工作,而无需在运行时了解任何功能细节。 ASP.Net 2.0 引入了一种处理用户和角色的全新方式。他们没有提供集成的用户和角色管理,而是决定使其可扩展且易于使用。他们创建了一个名为“Provider”的新模式,并为每个功能(如用户、角色和会话)提供了默认提供程序。它们被称为 MembershipProvider、RoleProvider 和 SessionProvider。但是,Microsoft 并不限制您只能使用 ASP.Net 2.0 附带的提供程序。您可以定义自己的 MembershipProvider 并在 web.config 中将它们声明为默认提供程序。 ProviderBase 类将强制您实现每个方法,以使您的提供程序能够紧密地工作,并且当您从 web.config 将它们设置为默认时,在运行时您不需要知道系统中可能拥有的任何目标提供程序的详细信息。客户端代码在任何特定提供商之间都是一致的。

希望这有帮助。

Stright-forward answer to your question would be "No". RoleProvider or any other provider do not participate in main-stream pipeline of ASP.Net and ASP.Net request does not need any RoleProvider to fulfill the request.

Rather than putting the technical material, I'd answer a more philosophical answer and respect the efforts put in by KP in the answer.

RoleProvider is basically a functional add-on to ASP.Net that lets you work against your Role-system without having to know any functional details at run-time. ASP.Net 2.0 introduced a whole new way of dealing with users and roles. Rather then providing integrated user and role management they decided to make it extensible yet easy to use. They created a new pattern called "Provider" and shipped default providers for each functionality, like user, role and session. They are known as MembershipProvider, RoleProvider and SessionProvider. However, Microsoft does not restrict you to use only the providers shipped with ASP.Net 2.0. You can define your own MembershipProvider and declare them in web.config as default provider. The ProviderBase class would force you to implement each method to let your provide work cohesively and when you make them default from web.config, at runtime you need not know the details of the any target provider that you may have in the system. The client-code is consistent across any specific provider.

Hope this helps.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文