基于角色的安全性 [英] Role Based Security

问题描述

您好专家，

我正在编写一个Web应用程序，我想在其中使用表单身份验证实现基于角色的安全性.但是我不想使用ASPNETDB.MDF数据库，所以我创建了包含以下列的用户表:UserName，Password，Role.

我在下面写了一个班级:

Hello experts,

I am writing a web application where i want to implement role based security with form authentication. But I do not want to use the ASPNETDB.MDF database so i created my user table which has these colomns: UserName, Password, Role.

I wrote a class below:

public bool Login()
{
    SqlConnection con = new SqlConnection(this.ConnectDB());
    SqlCommand cmd = new SqlCommand();
    SqlDataReader rdr = default(SqlDataReader);
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.CommandText = "sp_Login";
        cmd.Parameters.AddWithValue("@Password", Password);
        cmd.Parameters.AddWithValue("@Username", Username);
        cmd.Connection = con;
    }
    bool userfound = false;
    try 
    {
        con.Open();
        rdr = cmd.ExecuteReader();
        if (rdr.Read()) 
        {
            userfound = true;
            this.Role = rdr("Role");
        }
    }
    catch (Exception ex) 
    {
        msg = "Invalid Username or Password" + ex.Message.ToString();
    }
    finally 
    {
        con.Close();
    }
    return userfound;
}

在我的LoginButon_Click事件中，我使用了

In my LoginButon_Click event i used

Session("Role") = objlogin.Role;

但是角色已保存在会话中，因此我不能限制不是特定角色的人不能访问某些页面.

请问有没有更好的方法可以在没有ASPNETDB.MDF数据库的情况下做到这一点.

but the role is save in the session, hence i cant restrict people who are not in particular role not to access some pages.

Please is there any better way i can do this without ASPNETDB.MDF database.

推荐答案

您可以使用SQL Server数据库，运行aspnetregsql [ ^ ]来创建和配置数据库表.否则，您将需要创建 MembershipProvider [ RoleProvider [ ^ ]

You can use a SQL Server database, run aspnetregsql[^] to create and configure the database tables. Otherwise you''ll need to create an implementation of MembershipProvider[^] and RoleProvider[^]

这篇关于基于角色的安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！