ASP.NET:向不同的网络表单添加限制 [英] ASP.NET : Adding Restrictions to different webforms

问题描述

我目前正在寻找一些建议 &帮助我如何避免人们访问页面，除非他们 (1) 已登录，(2) 具有访问该页面的正确角色.

I am currently looking for some advise & help to how I can avoid people from accessing pages unless they are (1) Logged in , (2) Have the correct role to visit that page.

到目前为止，我已经完成了登录页面/注册页面&还有一些页面.我还有一个链接到这些页面的数据库，用于存储用户和他们各自的角色(目前在注册用户可以选择是管理员或普通用户)

So far I have done a Login Page / Registration Page & Some more Pages. I also have a database linked to these pages that stores the users & their respective role (Currently on registration the user can select to be an admin or a normal user)

现在我希望，如果任何甚至不是用户的人试图通过更改 URL 来访问页面，系统都会阻止该行为并将他重定向到错误页面，依此类推.

Now I would like that if anyone who is not even a user tries to access a Page by changing the URL , the system would block that and re-direct him to an error page, and so-on so forth.

推荐答案

您可以对 web.config 中的特定页面或文件夹使用授权规则.下面的代码片段将只允许对 AdminFolder 具有管理员角色的用户进行访问.

You can use authorization rules for a particular page or folder in web.config. The below code snippet will only allow access to users with admin role to the AdminFolder.

<location path="AdminFolder">
system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>

您可以根据需要进行扩展.有一个非常有用的博客 这里

You can expand as required. There's a very useful blog here

这篇关于ASP.NET:向不同的网络表单添加限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！