ASP.NET 权限框架？

发布于 2024-12-07 03:24:29 字数 1315 浏览 2 评论 0原文

问题

ASP.NET 没有将权限与角色关联的概念。

我的应用程序

当前的 Web 应用程序正在使用自定义用户成员资格和角色提供程序。该应用有 4 个角色：超级用户、管理员、校长和教师。当用户登录时，他们会被重定向到相应的 UI。例如，管理员被重定向到管理界面，教师被重定向到教师界面。每个界面都有自己的母版页和aspx页面。新的要求是教师不再被允许查看特定信息或执行特定功能。信息可以是 gridview 控件中的一个字段或一行，它也可以是功能性的（例如，无法单击链接来打开弹出窗口，但仍然能够看到链接的文本）。其他角色也有特定的“许可”要求，但与教师完全不同。

建议的解决方案

创建一个数据库表来集中权限到角色的映射，如下所示：

CREATE TABLE [dbo].[PermissionToRole](
    [PermissionID] [int] IDENTITY(1,1) NOT NULL primary key,
    [Role] int NOT NULL,
    [Control] [varchar](50) NOT NULL,
    [ControlType] [varchar](50) NOT NULL,
    [Function] [varchar](50) NOT NULL,
    [Read] [bit] NULL,
    [Write] [bit] NULL,
    [Execute] [bit] NULL,
    [Delete] [bit] NULL
)

使用上面的链接示例，我们会得到类似：“teacher”， "labelName", "asp:label", "click", 1, 0, 0, 0 （可以读取链接，但不是“执行”点击）

该计划是能够做一些事情：

使用权限将多个 aspx 和逻辑合并到单个页面 (aspx) 中。每次需要新角色时减少维护。
在所有级别（选项卡 -> 控制）控制角色（又名组）的权限。例如，使用此表来控制每个级别（选项卡、页面、控件）的控件的可见性。以及单独的功能（例如单击链接控件）
控制将哪些数据返回到 UI 以及允许哪些 CRUD 操作。

是否有 ASP.NET 框架可以做到这一点？ 我很确定内容管理系统 (CMS) 可以做到这一点，但此应用程序不会使用 CMS :)。我真的想避免重新发明轮子。

谢谢！

原文

Problem

ASP.NET has no concept of associating permissions to roles.

My app

Current web application is using custom user membership and role providers. The app has 4 roles: superuser, admin, principal, and teacher. When the user logs in, they are redirected to their appropriate UI. For example, admins are redirected to admin interface, teachers are redirected to teacher interface. Each interface has its own master page and aspx pages. A new requirement is that teachers are no longer allowed to view specific information or do specific functions. Information could be a field or a row in a gridview control, it could be functional as well (e.g. not able to click on a link to open a popup window, but still be able to see the link's text). Other roles also have need of specific "permission" requirements, but completely different than the teachers ones.

Proposed Solution

Create a database table to centralize mapping of permissionsToRoles like so:

CREATE TABLE [dbo].[PermissionToRole](
    [PermissionID] [int] IDENTITY(1,1) NOT NULL primary key,
    [Role] int NOT NULL,
    [Control] [varchar](50) NOT NULL,
    [ControlType] [varchar](50) NOT NULL,
    [Function] [varchar](50) NOT NULL,
    [Read] [bit] NULL,
    [Write] [bit] NULL,
    [Execute] [bit] NULL,
    [Delete] [bit] NULL
)

Using the link example above we would get something like: "teacher",
"labelName", "asp:label", "click", 1, 0, 0, 0 (can read the link but
not "execute" the click)

The plan is to be able to do a few things:

Use permissions to consolidate multiple aspx and logic into a single page (aspx). To reduce maintenance every time a new role is needed.
Control at a all levels (tab -> control) a roles' aka groups' permissions. E.g. use this table to control visibility of controls at every level (tab, page, control). As well as individual functionality (e.g. click on a link control)
Control what data is returned to the UI and what CRUD operations are allowed.

Are there frameworks out there for ASP.NET that can do this already? I'm pretty sure Content Management Systems (CMS) can do this, but this app will not use a CMS :). I really want to avoid reinventing the wheel.

Thanks!

分享到QQ

分享到微博