Asp.net动态的用户和基于活动的授权与隐藏显示的网站母版混合的html [英] Asp.net dynamic User and activity based authorisation mixed with hide show site master html

查看:728
本文介绍了Asp.net动态的用户和基于活动的授权与隐藏显示的网站母版混合的html的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我没有找到我的ASP.NET Web窗体网站的用户和基于活动的授权很好的例子。目前,我正在使用的web配置用户角色,以允许/拒绝访问的文件夹内的网页。但是这种方法被证明是维护,特别是当用户拿出特例情况下,可以完全脱离现有的角色权限偏离了一场噩梦。

I am failing to find good examples of user and activity based authorization for my ASP.NET web forms site. Currently, i am using user roles in web config to allow/deny access to pages within folders. But this method is proving to be a nightmare to maintain, especially when users come up with special case scenarios, which completely deviate from existing role permissions.

所以我在寻找一种方式,能够存储和检索用户的访问权限,从数据库中,然后执行这些动态上我的网站。

So i am looking for a way to be able to store and retrieve user access rights, from the database and then enforce them on my web site dynamically.

我的第二个问题是如何显示/隐藏来自特定用户的特定网站母HTML。我还想到在数据库中存储这些信息,使这些权利是动态分配也。
目前,我很难在隐藏/显示权限后面我的网站主code说的编码:

My Second problem is how to show/hide certain site master html from certain users. I was also thinking to store this information in the database, so that these rights are dynamically allocated also. Currently, i am hard coding in my site master code behind the hide/show permissions by saying:

If(isInRole("Admin"){
// Show Everything
}
else
{
// hide certain html
}

所以这种方法的工作原理目前,但是有问题的,以保持和不是很灵活。

So this approach works currently, but is problematic to maintain and not very flexible.

最后,我一直在寻找基于活动的授权,利弊它被很好这篇文章中描述html的相对=nofollow> http://ryankirkman.com/2013/01/31/activity-based-authorization.html 。
因此,我将如何实现,在我的ASP.NET Web窗体的网站?

Finally, I was looking at activity based authorization, the pros and cons of which were well described in this article: http://ryankirkman.com/2013/01/31/activity-based-authorization.html. So how would i implement that in my ASP.NET web forms site?

在结论有三件事我是后:

In conclusion there is three things i am after:


  1. 动态控制基于用户授权在我的网站母版页的HTML元素的可见性。

  2. 动态控制用户授权我的aspx页面

  3. 动态控制用户的基于活动的授权

在这个任何投入将是非常美联社preciated。谢谢

Any input on this would be highly appreciated. Thank you

推荐答案

您应该切换从基于角色的身份验证基于身份验证的要求。这里的描述基于声明的身份验证的基础知识的文章:

You should switch from role based authentication to claims based authentication. Here's an article describing the basics of claims based authentication:

<一个href=\"http://dotnetcodr.com/2013/02/11/introduction-to-claims-based-security-in-net4-5-with-c-part-1/\" rel=\"nofollow\">http://dotnetcodr.com/2013/02/11/introduction-to-claims-based-security-in-net4-5-with-c-part-1/

索赔会给你在为每个用户的权限进行细粒度控制。 ClaimsPrincipal也可以在web表单用于:

Claims will give you fine grained control over the rights for each individual user. ClaimsPrincipal can also be used in webforms:

https://visualstudiomagazine.com/articles/2013/09/01/going-beyond-usernames-and-roles.aspx

的属性可应用于在ASP.NET网页和方法窗体应用程序(上面的文章中描述):

An attribute can be applied to pages and methods in an ASP.NET Web Forms application (described in the article above):

[ClaimsPrincipalPermission(SecurityAction.Demand, 
  Operation="Update", Resource="Customer")]
public partial class CustomerUpdate : System.Web.UI.Page
{

这篇关于Asp.net动态的用户和基于活动的授权与隐藏显示的网站母版混合的html的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆