.net会员资格拒绝登录 [英] .net Membership deny login

问题描述

我使用.net登录已经有很长时间了，但是我的最新项目需要一些不太好的编码.

I've been working with the .net login for a long time now, but my latest project calls for some not so great coding.

我有一个数据库，其中包含.net成员资格的表等. 有4个角色:

I have one database which contains the tables etc for .net membership. There are 4 roles:

• 管理员
• BasicAdmin
• PowerAdmin
• 会员

现在前三名都可以登录到Admin系统，但是我想拒绝登录为Member角色的用户，因此我在Webconfig中添加了以下内容:

Now the top 3 are able to log into the Admin system, but I want to deny login for those in the role Member, I have added in the following to the webconfig:

<authorization>
  <deny roles="Member"/>
  <deny users="?"/>
</authorization>

这在一定程度上可行.它将具有成员"角色的用户重定向到登录页面，但不会给消息登录失败提供提示，就像您没有注册并输入错误数据时会看到的那样.

this works, to an extent. It redirects the user who is in the role 'Member' to the login page, but it does not give the message login failed, as you would get when you are not registered and you enter wrong data.

成员可以登录该站点的成员区域，这是出于争辩的目的，从而限制了管理员的权限.

The members can log into a members area of the site which will be for arguement sake off limits to admins.

有人知道我要去哪里了吗，我错过了什么吗?或者这不可能吗?

Does anyone know where I am going wrong, am I missing something or is this not possible?

谢谢

推荐答案

您的成员可以登录并获取成员内容，但是当他们尝试访问admin部分中的内容时将被重定向.它是设计使然.该成员不会因为登录失败而收到失败的消息，而是被拒绝访问.

Your members can login and get to the member content but are then redirected when they attempt to get to something in the admin section. It is working by design. The member wouldn't get a failed login message because they have not failed to login, rather they are denied access.

您可以在整个应用程序中查看这些信息，就像一个人试图转到他们无法访问的页面一样，并发出一条他们没有访问权限的消息，但这是额外的工作，但是可行.

Throughout the application you can check as a person is trying to go to page that they can't access and fire off a message that they don't have access but that is extra work but doable.

您还可以通过以下方式修改应用程序:仅当用户处于正确角色时，才显示指向网站某些部分的链接.例如，Roles.IsUserInRole("role")将检查当前登录的身份/用户是否在角色中.在2.0中还提供了LoginView控件，您可以将其包装起来，从而很好地满足您的需求.

You can also modify your application in such a way that links to certain sections of the site only show if the user is in the right role. For example, Roles.IsUserInRole("role") will check the currently logged in identity / user is in a role. There is also the LoginView control in 2.0 that you can wrap controls in that do this nicely for you.

根据您的第一条评论进行澄清.

Clarification based on your first comment.

这是角色提供者的设计方式.当您尝试访问在web.config中被拒绝的页面时，它将重定向到登录页面.

This is how the roles provider is designed. It redirects you to the login page when you try to access a page you have been denied in the web.config for.

您可以做几件事:

删除web.config中的组的deny语句，然后执行以下两项操作之一或执行两项操作:

Remove the deny statements for the groups in the web.config and then do one of two things or both:

使用loginview控件并将"admin"角色的功能封装在admin视图中，然后向成员"角色显示一条他们无权访问的消息.

Use the loginview control and encapsulate the functionality for the "admin" role in the admin view and then display a message to the "member" role that they don't have access.

和/或在页面加载事件上编写代码，以便页面检查角色并显示消息和/或将用户重定向到另一个页面.

And/Or write code on the page load event for a page checking the roles and presenting a message and/or redirecting a user to another page.

或在组的AND.p中保留web.config中的deny语句

OR leave the deny statement in the web.config for the groups AND

在登录页面的页面加载事件上执行类似的操作

on the page load event of the login page do something like

        If  Me.User.Identity IsNot Nothing and Me.User.Identity.Isauthenticated Then
          If Me.User.IsInRole("admin") Then
            Response.Redirect("~NoAccessToMemberStuff.htm")
          Else If Me.User.IsInRole("member") Then
            Response.Redirect("~/NoAccessToAdminStuff.htm")
          End If
    End If

这篇关于.net会员资格拒绝登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！