如何从ASP.NET中浏览网页的限制未记录/未经授权的用户 [英] How to restrict unlogged/unauthorized users from viewing web pages in ASP.NET

问题描述

我有一些创建web表单，我需要检查用户是否正在显示其他网站的形式之前验证与否。所有用户都可以访问 Default.aspx的和 About.aspx 页。
我有三种类型的用户即─管理​​员，用户和超级用户的。另外，我一直在我自己的SQL Server数据库的身份验证详细信息。

I have some created web forms and I need to check whether the user is authenticated or not, before displaying the other web forms. All the users can access Default.aspx and About.aspx pages. And I have three types of users namely- Admin,User and Super User. Also, I keep the authentication details in my own SQL server db.

我怎样才能做到这一点？
在此先感谢！

How can I do this? Thanks in advance!

推荐答案

先建立成员身份和角色提供。有关于它的整个故事。我会在这里给一个帮助。

First establish membership and role provider. There is whole story about it. I will give a help here.

下面是链接的SqlMembershipProvider（你可以把选项之一）：
的http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx

Here is link to SqlMembershipProvider (one of the options you can take): http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx

下面是链接SqlRoleProvider（您可以采取的选项重新只有一个）::
的http://msdn.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx

Here is link to SqlRoleProvider (again only one of the options you can take):: http://msdn.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx

您已经建立之后，你可以限制在文件夹级别的用户/角色的访问。将这个code到web.config文件（配置标签中）：

After you have established this you can limit user/role access on folder level. Put this code to web.config (inside configuration tag):

  <location path="AdminPages">
    <system.web>
      <authorization>
        <allow roles="Administrator"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="UserPages">
    <system.web>
      <authorization>
        <allow roles="Administrator,User"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

下面一点交代。根文件夹AdminPages将alowed只在角色管理员的用户。根文件夹UserPages中的角色管理员和用户的用户。在这两种情况下是未知的用户将不会被允许访问的文件夹。这是你所需要的。替代这是创建类，从页继承，然后有处理页面访问......不过我不会走那条路。

Here is little explaination. Root folder "AdminPages" will be alowed only to users in role "Administrators". Root folder "UserPages" to users in role "Administrator" and "User". In both cases unknown users will not be allowed to access folders. This is all you need. Alternative to this is to create class that inherits from Page and then there handle page access... however I would not go that way.

这篇关于如何从ASP.NET中浏览网页的限制未记录/未经授权的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！