Asp.net动态的用户和基于活动的授权与隐藏显示的网站母版混合的html [英] Asp.net dynamic User and activity based authorisation mixed with hide show site master html
问题描述
我没有找到我的ASP.NET Web窗体网站的用户和基于活动的授权很好的例子。目前,我正在使用的web配置用户角色,以允许/拒绝访问的文件夹内的网页。但是这种方法被证明是维护,特别是当用户拿出特例情况下,可以完全脱离现有的角色权限偏离了一场噩梦。
I am failing to find good examples of user and activity based authorization for my ASP.NET web forms site. Currently, i am using user roles in web config to allow/deny access to pages within folders. But this method is proving to be a nightmare to maintain, especially when users come up with special case scenarios, which completely deviate from existing role permissions.
所以我在寻找一种方式,能够存储和检索用户的访问权限,从数据库中,然后执行这些动态上我的网站。
So i am looking for a way to be able to store and retrieve user access rights, from the database and then enforce them on my web site dynamically.
我的第二个问题是如何显示/隐藏来自特定用户的特定网站母HTML。我还想到在数据库中存储这些信息,使这些权利是动态分配也。
目前,我很难在隐藏/显示权限后面我的网站主code说的编码:
My Second problem is how to show/hide certain site master html from certain users. I was also thinking to store this information in the database, so that these rights are dynamically allocated also. Currently, i am hard coding in my site master code behind the hide/show permissions by saying:
If(isInRole("Admin"){
// Show Everything
}
else
{
// hide certain html
}
所以这种方法的工作原理目前,但是有问题的,以保持和不是很灵活。
So this approach works currently, but is problematic to maintain and not very flexible.
最后,我一直在寻找基于活动的授权,利弊它被很好这篇文章中描述html的相对=nofollow> http://ryankirkman.com/2013/01/31/activity-based-authorization.html 。
因此,我将如何实现,在我的ASP.NET Web窗体的网站?
Finally, I was looking at activity based authorization, the pros and cons of which were well described in this article: http://ryankirkman.com/2013/01/31/activity-based-authorization.html. So how would i implement that in my ASP.NET web forms site?
在结论有三件事我是后:
In conclusion there is three things i am after:
- 动态控制基于用户授权在我的网站母版页的HTML元素的可见性。
- 动态控制用户授权我的aspx页面
- 动态控制用户的基于活动的授权
在这个任何投入将是非常美联社preciated。谢谢
Any input on this would be highly appreciated. Thank you
推荐答案
您应该切换从基于角色的身份验证基于身份验证的要求。这里的描述基于声明的身份验证的基础知识的文章:
You should switch from role based authentication to claims based authentication. Here's an article describing the basics of claims based authentication:
<一个href=\"http://dotnetcodr.com/2013/02/11/introduction-to-claims-based-security-in-net4-5-with-c-part-1/\" rel=\"nofollow\">http://dotnetcodr.com/2013/02/11/introduction-to-claims-based-security-in-net4-5-with-c-part-1/
索赔会给你在为每个用户的权限进行细粒度控制。 ClaimsPrincipal也可以在web表单用于:
Claims will give you fine grained control over the rights for each individual user. ClaimsPrincipal can also be used in webforms:
的https://visualstudiomagazine.com/articles/2013/09/01/going-beyond-usernames-and-roles.aspx
的属性可应用于在ASP.NET网页和方法窗体应用程序(上面的文章中描述):
An attribute can be applied to pages and methods in an ASP.NET Web Forms application (described in the article above):
[ClaimsPrincipalPermission(SecurityAction.Demand,
Operation="Update", Resource="Customer")]
public partial class CustomerUpdate : System.Web.UI.Page
{
这篇关于Asp.net动态的用户和基于活动的授权与隐藏显示的网站母版混合的html的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!