如何在ASP.NET中将访问权限限制为特定用户类型的文件夹文件? [英] How to restrict to access a folder files to particular user type in ASP.NET?

问题描述

当用户通过浏览default.aspx页面登录到我的应用程序时，基于用户对象的EmployeeType，我知道用户是Customor还是Vendor还是Employee.我想实现的是，我应该只允许"Customer"用户访问"Protected/Customer"文件夹下的文件和文件夹.同样，只有供应商用户才能访问受保护/供应商"文件夹下的文件和文件夹.我的意思是客户不应允许访问与供应商有关的页面，反之亦然.如何实现呢?请帮忙.

文件夹结构如下所示:

保护/客户/SomeFolder1/SomeFile1.aspx
保护/客户/SomeFolder2/SomeFile2.aspx

保护/供应商/SomeFolder1/SomeFile1.aspx
保护/供应商/SomeFolder2/SomeFile2.aspx

请注意，我没有使用表单身份验证.身份验证由Site Minder(第三方工具)完成.他们将仅根据我可以获得用户详细信息返回UID.没有将用户分配给任何角色.根据用户的雇员类型，我需要实现上述方案.

While user logging to my application by browsing default.aspx page, I know whether the user is Customor or Vendor or Employee based on EmployeeType of User object. What I would like to achieve is that I should only allow Customor users could access files and folder under the folder Protected/Customer. Similarly only Vendor users could access only the files and folders under the folder Protected/Vendor. I mean a customer should not allow to access Vendor related pages and vise-versa. How to achieve this? Please do help.

The folder structure looks like given below:

protected/customer/SomeFolder1/SomeFile1.aspx
protected/customer/SomeFolder2/SomeFile2.aspx

protected/vendor/SomeFolder1/SomeFile1.aspx
protected/vendor/SomeFolder2/SomeFile2.aspx

Please note that I''m not using Forms authentication. The authentication is done by Site Minder (By thrid party tool). They will return only UID based on that I could get user details. Users are not assigned to any roles. Based on Employee type of users I need to achieve the above mentioned scenario.

推荐答案

Control Authorization by Modifying the Web.config File

To restrict access to ASP.NET applications that use forms authentication, edit the <authorization> element in the application’s Web.config file. To do this, follow these steps: 1.Start a text editor, such as Notepad, and then open the Web.config file that is located in the application’s root folder.

Note If the Web.config file does not exist, create a Web.config file for the ASP.NET application.
2.If you want to control authorization for the whole application, add the <authorization> configuration element to the <system.web> element in the Web.config file.
3.In the <authorization> element, add the <allow> configuration element and the <deny> configuration element. Use the users attribute to specify a comma-delimited list of user names. You can use a question mark (?) as a wildcard character that matches any user name. For example, the following code denies access to all users except user1 and user2:

<authorization>
    <allow users="user1, user2"/>
    <deny users="?"/>
</authorization>
4.Save the Web.config file.

Note For more information about configuring directory-specific and file-specific settings, see the References section of this article.

http://asp.net.bigresource.com/如何限制访问一个指定的文件夹gjhYAFCyM.html [ http://forums.asp.net/t/1666926.aspx/1 [ ^ ]
http://stackoverflow.com/问题/10544276/如何限制访问网页的用户的不同类型 [ ^ ]

http://asp.net.bigresource.com/How-to-Restrict-Access-to-an-specified-folder-gjhYAFCyM.html[^]
http://forums.asp.net/t/1666926.aspx/1[^]
http://stackoverflow.com/questions/10544276/how-to-restrict-access-to-web-pages-for-different-types-of-users[^]
http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx[^]



Thanks,
Ambesha

您可以使用ASP.NET授权来限制对文件夹的访问

ASP.NET身份验证和授权 [

You can use ASP.NET Authorization to restrict access to Folder

ASP.NET authentication and authorization[^]

<authorization>
<deny roles="Vendor" />
</authorization>

这篇关于如何在ASP.NET中将访问权限限制为特定用户类型的文件夹文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！