如何在不登录的情况下限制管理员访问权限 [英] How to restrict administrator access without login

问题描述

我正在编写用于登录功能的代码.我能够成功登录，但是我的问题是，当我直接通过可直接访问的url调用adminhome.aspx页面时，如果有人试图直接访问adminhome.aspx，我希望该页面应导航到登录页面.我正在为用户LoginId使用会话变量.

谢谢与问候
Nitin Kumar

I am writing code for log in functionality. I am able to login successfully but my problem is, when i directly call that adminhome.aspx page by url that is accessible directly.I want that should navigate to login page if someone is trying to directly access adminhome.aspx. I am using session variable for user LoginId.

Thanks & Regards
Nitin Kumar

推荐答案

在

adminhome.aspx

页面的页面加载事件中，编写以下代码.
确保在uesr注销时具有已放弃"会话.

page write below code.
Make sure you have Abandoned session when uesr logout.

if (Session["session_var"] == null || Convert.ToString(Session["session_var"]) == "")
{
           Response.Redirect("~/adminhome.aspx");
}

我假设您正在编写自己的登录系统?如果是这样，那么提供这种安全性取决于您自己，这是一件复杂的事情，或者要求您在每个单页加载事件中显式检查授权.

简单的解决方案是实现成员资格: MSDN-成员资格简介 [ ^ ]，这样框架就可以轻松应对，并且可以非常轻松地按文件夹设置访问级别.

I am assuming that you are writing your own login system? If so, then providing such security is up to you, and it is a complicated thing, or requires you to explicitly check the authorisation in every single page load event.

The easy solution is to implement Membership: MSDN - Introduction to Membership[^] which lets the framework take the difficulty and allows you to set access levels by folder very easily.

这篇关于如何在不登录的情况下限制管理员访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！