Custom Role membership provider


Problem description

We are trying to implement Role membership provider for securing our web application. We will be creating custom Role membership provider as we already have our Ingres database containing all the required tables.
What we need to accomplish is along with Role we want another field let's say FacilityID to determine what all a logged on user can access in the application. How can we fit in this additional condition in Role membership model? Will a custom Profile provider be any help to us?
Any suggestion or related links would be helpful.

Recommended answer

I had to do something similar a few years ago. We ended up implementing custom versions of MembershipProvider, MembershipUser and RoleProvider, all found in the System.Web.Security namespace.

Keep in mind that these are just classes. As with any inheritable class, your derived classes can add any method or property that you want. The constructor on our user class, for example, retrieves information about the user's roles and saves them as a list within the object; this allowed us to implement properties like HasAdministratorRole, which makes security checking very easy. We also implemented methods like LockUser and UnlockUser, which encapsulate calls to the membership provider to cancel or allow web access.

Exactly how you implement the new properties will depend a lot on your particular security model and needs, I can't really offer any advice on that. One book I found useful (still on my shelf although obviously out-dated) is "Pro ASP.NET 2.0 in VB 2005" by Laurence Moroney and Matthew MacDonald. That, and a lot of trial and error.

Good luck.


Thanks for the reply. Can you please elaborate on the role provider functionality you had implemented?

Gregory.Gadow: The entire class is 596 lines, which is a bit long to simply post. But basically....

We set up three tables in our Web database: WebUsers, WebRoles and WebUserRoles. Each user has a single entry in WebUsers. Each role has a single entry in WebRoles. WebUserRoles holds a list of what roles each user has; for example, I have three entries in that table, which allows me in the roles of Administrator, Publisher and FieldRep.

The class is written in VB.Net for the 2.0 framework and inherits from System.Web.RoleProvider. I overrode everything except the Description and Name properties to guarantee that I would have access to all the functionality I might need: the code accesses the web tables to do things like create and delete roles, add users to and remove them from roles, see if a given user has a given role, get a list of all roles that a given user has, and so on. Overriding the Initialize method allows me to put configuration info in the web.config file and read it out when an instance of the class is started.

Mind you, we set up our own web user management system, which allowed us to set up only what we needed and implement it exactly as we wanted. That greatly simplified my work, but it also meant we could not use Microsoft's web user management tools. If you want to use those tools, you will need to track down some scripts from Microsoft (I don't remember where they are, sorry) that you can run to set up your database to meet Microsoft's requirements.


So essentially we have to add our own methods to be able to accomplish additional condition for fetching user's role per facility.

Also the application we are implementing will be a kind of centralized security application. So a user trying to access any application will first be redirected to this security application and on successful authentication will be redirected to respective app. So we have to do all the exception handling here so that there is no additional code required in the individual web apps. If you have any reference kindly let me know.
Thanks again!
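
The approach discussed in this thread (derive from RoleProvider, read settings in Initialize, add facility-aware methods), sketched as an added example that is not part of the original posts and is written in C# rather than the answerer's VB.Net. The table names come from the thread; the column names, a FacilityID column on WebUserRoles, the `connectionStringName` attribute and ODBC access to the database are assumptions. The provider is read-only, so the role-administration members throw.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Configuration;
using System.Data.Odbc;
using System.Web.Security;

// Added example. Table names come from the thread; the column names, FacilityID on
// WebUserRoles and the "connectionStringName" attribute are assumptions.
public class FacilityRoleProvider : RoleProvider
{
    private string _connStr;
    public override string ApplicationName { get; set; }
    public override void Initialize(string name, NameValueCollection config)
    {
        base.Initialize(name, config);
        var cs = ConfigurationManager.ConnectionStrings[config["connectionStringName"] ?? ""];
        if (cs == null) throw new ConfigurationErrorsException("connectionStringName is missing or unknown.");
        _connStr = cs.ConnectionString;
    }
    // Added overload: roles held at one facility. Values are bound as parameters, never concatenated.
    public string[] GetRolesForUser(string username, int facilityId)
    {
        const string sql = "SELECT r.RoleName FROM WebUserRoles ur JOIN WebRoles r ON r.RoleID = ur.RoleID " +
            "JOIN WebUsers u ON u.UserID = ur.UserID WHERE u.UserName = ? AND ur.FacilityID = ?";
        var roles = new List<string>();
        using (var conn = new OdbcConnection(_connStr))
        using (var cmd = new OdbcCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("user", username);        // ODBC binds by position
            cmd.Parameters.AddWithValue("facility", facilityId);
            conn.Open();
            using (var rdr = cmd.ExecuteReader())
                while (rdr.Read()) roles.Add(rdr.GetString(0));
        }
        return roles.ToArray();
    }
    public bool IsUserInRole(string username, string roleName, int facilityId) =>
        Array.IndexOf(GetRolesForUser(username, facilityId), roleName) >= 0;
    // Framework calls carry no facility (User.IsInRole, <allow roles="...">), so they fail closed.
    public override string[] GetRolesForUser(string username) => new string[0];
    public override bool IsUserInRole(string username, string roleName) => false;
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override bool RoleExists(string roleName) { throw new NotSupportedException(); }
    public override string[] GetAllRoles() { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
}
```

Callers reach the facility-aware overloads by casting `Roles.Provider` to `FacilityRoleProvider`. The `facilityId` passed in should come from server-side state established at login, not from a request parameter.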

