asp.net网站地图管理员查看用户看到的内容 [英] asp.net sitemap admin seeing what a user sees
问题描述
我目前正在尝试找出如何最好地为我的应用程序实现管理方面.
我有一个用户站点,用户可以在其中登录,自定义其个人资料,提交信息等.我希望管理用户能够登录并能够从用户列表中进行选择.从那里,管理员可以像用户一样为用户提交信息.
网站起始页>罗杰·兔子(RogerRabbit)提交资料网站起始页>比利·鲍勃>自订设定档 所以我的问题是:
- 如何布置我的页面?
- Web.sitemap文件应如何显示?有没有一种创建站点地图的好方法(也许在内存中?)
- 此方法是否必须使用会话变量?
任何建议或技巧都很好.
我无法回答您的站点地图问题,但是我已经在我们的一个系统上实现了这样的解决方案,通过该解决方案,我可以准确地看到最终用户看到的内容冒充他们.我这样做主要是为了进行故障排除,以便当他们向我报告问题时(例如,他们视野中缺少的东西),我可以走进他们的视线,并确切地了解他们在说什么.
我这样做的方式(虽然有点粗略)是在我的数据库中有一个模拟表,其中包含进行模拟的用户的登录名和他们希望模拟的用户的登录./p>
我添加了一些替代代码,以便当用户首次访问该页面时(它使用Windows身份验证),它将检查该用户是否在表中设置了模拟,然后将该用户ID放在以下对象中会话状态.如果没有模拟,则会将实际的用户ID放在同一对象中.
为防止我对用户数据进行处理,此对象中有两个属性,一个属性用于logon_name,这是系统用于内容自定义的属性,另一个属性是NameForLog,该属性用于以下情况:记录任何动作.我所做的所有操作都将以我的身份记录.
网站上显示用户自定义内容的所有区域都将查看此会话对象,因此它们将始终使用模拟的ID,因此始终向我显示用户所看到的内容.除了第一页和记录代码之外,它甚至都不知道它正在处理的是我自己.
这不是最干净的解决方案,但对我来说效果很好.
I am currently trying to figure out how to best go about implementing an administration side for my application.
I have a user site, where users can log in, customize their profile, submit information etc. I would like administration users to be able to log in and be able to choose from a list of users. From there, the administrator can submit information for the user just like the user can.
Website Start Page > RogerRabbit > Submit Information
Website Start Page > BillyBob > Customize Profile
So my question is:
- How should my pages be laid out?
- How should the Web.sitemap file look? Is there a nice way of creating a sitemap (maybe in memory?)
- Would this method have to use session variables?
Any suggestions, or tips would be great.
I can't answer your sitemap question but I have implemented a solution like this on one of our systems where I can see exactly what the end user is seeing by impersonating them. I did this mainly for troubleshooting purposes so that when they report a problem to me (such as something missing from their view), I can go in as them and see exactly what they are talking about.
The way I did this, which is admittedly a little crude, was to have an impersonation table in my database which contains the logon name of the user who is doing the impersonating and the logon of the user they wish to impersonate.
I added some override code so that when the user first goes to the page (it uses Windows authentication), it will check to see if that user has an impersonation set in the table and then place this user id in an object in the session state. If there was no impersonation, it would place the actual user id in this same object.
To prevent me from doing things to the user's data as them, there are two properties in this object, one for logon_name, which is what is used by the system for content-customization, and another called NameForLog, which is used when logging any actions. All actions I make will be logged as me.
All areas on the site that display user-customized content look at this session object, so they will always use the impersonated ID and therefore always show me what the user is seeing. Beyond the first page and the logging code, it doesn't even know that it is me it is dealing with.
It isn't the cleanest solution, but it has worked well for me.
这篇关于asp.net网站地图管理员查看用户看到的内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
