ASP.Net角色：页面级安全问题 [英] ASP.Net Roles: Page-Level Security Question

问题描述

我们目前正处在重新创建相形见绌我们现有的流程一个全新的安全模式的过程。现在，我们计划在登录过程中抓住用户的角色，然后使用基本页类检查用户是否具有用户导航到相应的页面的作用。

我们可以限制用户的角色菜单的选项，但是我们已经与用户通过键入他们或有旧书签浏览到的网页在我们的系统问题。显然，我们需要某种形式的网页级别的访问。

在我们的基本页类的简单功能，它检查反对页的指定角色ArrayList的将工作中的作用，但我想知道是否有任何内置的功能来支持这个或清洁的解决方案可能。

解决方案

您使用内置成员？

如果是这样，你可以用你的 web.config中的位置部分文件来限制访问的各个页面或整个目录。从 MSDN ：

  

以下示例允许
  匿名用户访问
  Logon.aspx页：

 ＆LT;结构＆gt;
   ＆LT;位置路径=Logon.aspx＆GT;
      ＆LT;＆的System.Web GT;
         ＆LT;授权＆GT;
            ＆LT;让用户= /＆gt的帮助？
         ＆LT; /授权＆GT;
      ＆LT; /system.web>
   ＆LT; /地点＆gt;
＆LT; /结构＆gt;
 

We're currently in the process of re-creating a brand new security model that dwarfs our existing process. Right now, we plan on grabbing a user's roles during the login process and then using a Base Page class to check if the user has the role of the corresponding page the user is navigating to.

We can limit the menu's options by the user's roles as well, but we have had problems with users navigating to pages in our system by typing them in or having old bookmarks. Obviously, we need some sort of page level access.

A simple function in our Base Page class that checks the role in the Arraylist against the page's assigned role would work, but I was wondering if there was any built-in functionality to support this or a cleaner solution possibly.

解决方案

Are you using built-in membership?

If so, you can use the location section of your web.config file to restrict access to individual pages or entire directories. From MSDN:

The following example allows an anonymous user to access the Logon.aspx page:

<configuration>
   <location path="Logon.aspx">
      <system.web>
         <authorization>
            <allow users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>

这篇关于ASP.Net角色：页面级安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！