基于角色的安全性 [英] Role Based Security
问题描述
您好专家,
我正在编写一个Web应用程序,我想在其中使用表单身份验证实现基于角色的安全性.但是我不想使用ASPNETDB.MDF数据库,所以我创建了包含以下列的用户表:UserName,Password,Role.
我在下面写了一个班级:
Hello experts,
I am writing a web application where i want to implement role based security with form authentication. But I do not want to use the ASPNETDB.MDF database so i created my user table which has these colomns: UserName, Password, Role.
I wrote a class below:
public bool Login()
{
SqlConnection con = new SqlConnection(this.ConnectDB());
SqlCommand cmd = new SqlCommand();
SqlDataReader rdr = default(SqlDataReader);
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "sp_Login";
cmd.Parameters.AddWithValue("@Password", Password);
cmd.Parameters.AddWithValue("@Username", Username);
cmd.Connection = con;
}
bool userfound = false;
try
{
con.Open();
rdr = cmd.ExecuteReader();
if (rdr.Read())
{
userfound = true;
this.Role = rdr("Role");
}
}
catch (Exception ex)
{
msg = "Invalid Username or Password" + ex.Message.ToString();
}
finally
{
con.Close();
}
return userfound;
}
在我的LoginButon_Click
事件中,我使用了
In my LoginButon_Click
event i used
Session("Role") = objlogin.Role;
但是角色已保存在会话中,因此我不能限制不是特定角色的人不能访问某些页面.
请问有没有更好的方法可以在没有ASPNETDB.MDF数据库的情况下做到这一点.
but the role is save in the session, hence i cant restrict people who are not in particular role not to access some pages.
Please is there any better way i can do this without ASPNETDB.MDF database.
推荐答案
您可以使用SQL Server数据库,运行aspnetregsql [ ^ ]来创建和配置数据库表.否则,您将需要创建 MembershipProvider [ RoleProvider [ ^ ]
You can use a SQL Server database, run aspnetregsql[^] to create and configure the database tables. Otherwise you''ll need to create an implementation of MembershipProvider[^] and RoleProvider[^]
这篇关于基于角色的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!