所需的网络安全信息 [英] web security information required

问题描述

我使用vb在asp.net的Web应用程序中具有一些删除编辑搜索更新功能.
我希望只有管理员才能编辑更新添加和删除用户只能查看和搜索..
我该怎么做..
共享信息或链接..
在此先感谢

i have some delete edit search update functions in my web application in asp.net using vb..
i want that only administrator can edit update add and delete user can only view and search ..
how i can do this ..
share info or link ..
thanks in advance

推荐答案

我建​​议您设置用户权限表或在用户表中添加一个名为sql权限的列.

1.列应为字符串
2.该字符串应具有用户在数据库上拥有的所有权限
3.用户权限应随用户登录名一起加载
4.字符串应如下所示:"U"更新，"S"选择，"I"插入，"D"删除，然后创建这些字符串的组合"SI"选择并插入或"SU"选择并更新或"SUID 所有角色

它所要做的就是让您在运行查询之前查找字符串并执行if测试，即if(mypermisionsstring.Indexof("D")> 0)或if(mypermisionsstring.Indexof("U")> 0 )以查看用户是否可以删除或更新，然后再运行查询.

I suggest you set up a user permissions table or add a column called sql permissions to your user table.

1. The column should be a string
2. The string should have all the right that the user has on the DB
3. The user rights should be loaded with the user login
4. The string shoul look like this "U" Update, "S" Select, "I" Insert, "D" Delete and you create combinations of these strings "SI" Select and Insert or "SU" Select and Update or "SUID" All roles

All it takes is for you to look up the string a do an if test before you run a query i.e. if( mypermisionsstring.Indexof("D")>0) or if( mypermisionsstring.Indexof("U")>0)to see if a user can delete or update before you run your query.

这篇关于所需的网络安全信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！