授权Asp.net web.config [英] Authorization Asp.net web.config

问题描述

我有一个具有后台办公室的应用程序.该后台办公室是通过使用以下角色来隔离的:

I have an application that has a backoffice. This backoffice was isolated with the use of roles like this:

<location path="backoffice">
    <system.web>
        <authorization>
            <allow roles="admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

但是现在我们有了另一种需要访问的角色.公司管理员角色.

But now we have another type of role that needs access. The companyadmin role.

我可以说吗?:

 <location path="backoffice">
        <system.web>
            <authorization>
                <allow roles="admin,companyadmin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>

推荐答案

是的，完全是这样(假设您正确验证了用户的身份，并相应地设置了他们的角色).检查MSDN文章: http://msdn.microsoft.com/en-us/library/8d82143t(VS.71).aspx

Yes, exactly so (assuming you properly authenticated your users, and set their roles accordingly). Check the MSDN article: http://msdn.microsoft.com/en-us/library/8d82143t(VS.71).aspx

这篇关于授权Asp.net web.config的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！