与窗体身份验证,使用数据库用户和角色的基于角色的安全性 [英] Role-based Security with Forms Authentication , use database for users and roles
问题描述
我使用窗体身份验证和角色的身份验证在Web登录应用程序的工作。
I'm working on a web login application using forms authentication and role authentication.
我不那么熟悉的角色身份验证,我已经在谷歌搜索一些教程,但我无法理解。
I'm not so familiar with the role authentication , I've searched in google for some tutorials but I couldn't understand.
因此,
- 1.对于建立具有一定作用的所有用户必须在这里完成:
http://i1.asp.net/asp.net/图片/ PSS / module08_06.jpg (不过,我想存储在asp.net sql数据库的用户信息和角色)
http://i1.asp.net/asp.net/images/pss/module08_06.jpg ( but , I want to store users info and roles in the asp.net sql database )
我认为到目前为止是创建与以下表列的数据库:
What I thought so far is to create a database with the followings table columns:
1.ID(int,primary)
2.Username(varchar(10))
3.Password(varchar(10))
4.RoleType(varchar(10)) - Roles are : Admin / User
在登录时,检查用户放大器;通
是有效的,如果是,则选择角色类型
从数据库当前用户。
On login , check if the user&pass
are valid if yes then select the roletype
from the database for the current user .
If roletype = Admin
Redirect to a certain page
else if roletype = user
Redirect to other page
但我不认为asp.net页面知道,一列用于角色类型
为角色
和它没有任何意义,我的意思是有℃之间没有连接如,让用户=管理/>
和我的一个名为列角色类型
But I don't think asp.net web page knows that the column RoleType
is used for roles
and it doesn't make sense , I mean there's no conection between <allow users="Admin"/>
and my column for called RoleType
<location path="\Admin\">
<system.web>
<authorization>
<allow users="Admin"/> //this
<deny users="*"/>
</authorization>
所以,如果有人不介意帮助我,我真的AP preciate。
谢谢
So , if anyone wouldn't mind helping me , I would really appreciate. Thanks
推荐答案
ASP.NET附带了创建用户(会员)和角色数据库里面有所有你需要正确的架构一个内建的工具。
ASP.NET Comes with a builtin tool for creating a User (Membership) and Roles Database which has all the correct schemas you will need.
我强烈建议你从那里开始,instaed试图推出自己的。
I'd strongly suggest you start there, instaed of attempting to roll your own.
http://msdn.microsoft.com/en-us/library/ x28wfk74.aspx
一旦你这样做,是微不足道的使用内置的用户/角色管理屏幕和放大器;内置的SqlMembershipProvider和放大器; SqlRoleProvider
Once you've done that, it's trivial to use the built in user/role management screens & the built in SqlMembershipProvider & SqlRoleProvider
修改
快速谷歌后,ASP.NET似乎对asp.net成员和放一个很好的和详细的教程;角色的安全
After a quick google, ASP.NET seems to have a very good and detailed tutorial on asp.net membership & roles security
http://www.asp.net/web-forms/tutorials/security
您需要阅读的成员,角色和放大器,整款;管理员。
You'll want to read that entire section on Membership, Roles & Admin.
这篇关于与窗体身份验证,使用数据库用户和角色的基于角色的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!