ASP.NET:向不同的网络表单添加限制 [英] ASP.NET : Adding Restrictions to different webforms
问题描述
我目前正在寻找一些建议 &帮助我如何避免人们访问页面,除非他们 (1) 已登录,(2) 具有访问该页面的正确角色.
I am currently looking for some advise & help to how I can avoid people from accessing pages unless they are (1) Logged in , (2) Have the correct role to visit that page.
到目前为止,我已经完成了登录页面/注册页面&还有一些页面.我还有一个链接到这些页面的数据库,用于存储用户和他们各自的角色(目前在注册用户可以选择是管理员或普通用户)
So far I have done a Login Page / Registration Page & Some more Pages. I also have a database linked to these pages that stores the users & their respective role (Currently on registration the user can select to be an admin or a normal user)
现在我希望,如果任何甚至不是用户的人试图通过更改 URL 来访问页面,系统都会阻止该行为并将他重定向到错误页面,依此类推.
Now I would like that if anyone who is not even a user tries to access a Page by changing the URL , the system would block that and re-direct him to an error page, and so-on so forth.
推荐答案
您可以对 web.config
中的特定页面或文件夹使用授权规则.下面的代码片段将只允许对 AdminFolder
具有管理员角色的用户进行访问.
You can use authorization rules for a particular page or folder in web.config
. The below code snippet will only allow access to users with admin role to the AdminFolder
.
<location path="AdminFolder">
system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
您可以根据需要进行扩展.有一个非常有用的博客 这里
You can expand as required. There's a very useful blog here
这篇关于ASP.NET:向不同的网络表单添加限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!