在ASP.NET的手动访问控制 [英] Manual Access control in ASP .Net
问题描述
有没有一种方法,我可以限制访问的页面没有内置的基于角色的方式吗?
Is there a way I can restrict access to pages without the built in role based way?
从本质上讲,如果用户试图访问admin.aspx然后将其重定向到的login.aspx和放大器; REDIRECT_URL = admin.aspx
Essentially if the user tries to access admin.aspx then it redirects to login.aspx&redirect_url=admin.aspx
\\届时,他们将与他们的凭证回传,我会给他们一个会话cookie等等。
\then, they will postback with their credentials and I will give them a session cookie and so forth.
有没有这方面的一个例子吗?
Is there an example of this?
感谢
编辑:
我不能使用ASP.NET做它,因为我的数据库与用户名和密码的员工的方式。 ASP创建自己的角色和这样
I cannot use the way ASP.NET does it because my database has employees with usernames and passwords. ASP creates its own with roles and such
推荐答案
首先,你应该设置的 FormsAuthentication 上登录cookie。所以,在你的code,在成功登录,您可以设置的cookie:
First, you should set a FormsAuthentication cookie on login. So, in your code, on successful login you can set the cookie with:
FormsAuthentication.SetAuthCookie(theUsername, true);
或更好,但你可以用它来处理cookie并重定向:
or better yet, you can use this to handle the cookie and the redirect:
FormsAuthentication.RedirectFromLoginPage(theUsername, true);
(true,如果你想cookie来坚持)
(true if you want to cookie to persist)
在您可以通过将一个web.config文件夹中的安全管理文件夹:
The you can secure the admin folder by putting a web.config file in that folder:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow users="adminusername1,adminusername2"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
当有人点击该文件夹管理,他们还没有登录,它会自动将其发送到的login.aspx?RETURNURL = admin.aspx
Now when someone hits that admin folder and they aren't logged in, it will automatically send them to login.aspx?ReturnUrl=admin.aspx
现在
另一个要考虑的是实现自己的 RoleProvider 。这是少了很多艰巨的,你可能认为。如果你需要把人带进角色(Admin之类的),那么这是一个不错的主意。
Another thing to consider would be to implement your own RoleProvider. It's a lot less daunting that you may think. If you need to put people into roles (like Admin), then this is a good idea.
这篇关于在ASP.NET的手动访问控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!