ASP.NET安全角色和权限 [英] ASP.NET Security Roles AND Permissions

问题描述

我很舒服与ASP.NET安全模型，从而可以允许/拒绝根据他们在例如什么样的角色获得用户在web.config

I'm comfortable with the ASP.NET security model whereby one can allow/deny access to users in the web.config based on what roles they are in e.g.

<system.web>
  <authorization>
    <allow roles = "Admin" />
  </authorization>
</system.web>

不过我想要做的就是给admin用户的权限集，然后可以例如检验包含可打印的文档权限的管理员用户，删除可删除文件

However what I want to do is give the admin user a set of permissions which can then be checked e.g. an Admin user with permissions like "can print documents", "can delete document"

是这样的事情可能的开箱或者我需要往下走定制路线？

Is this sort of thing possible out of the box or would I need to go down a custom route?

推荐答案

您可以使用阿兹曼在的这个MSDN文章。

You can use Azman as described in this MSDN article.

但也有一些事情我不喜欢阿兹曼，让我滚我自己作为一个补充，RoleProvider（即管理权限到角色的映射附加表，API和管理工具）。

But there are a number of things I don't like about Azman, so I rolled my own as a complement to the RoleProvider (additional tables, APIs and admin tools that manage the mapping of permissions to roles).

我的自定义实现是很简单的：

My custom implementation is very simple:

• M-N的角色和权限之间的关系。

• M-N relationship between roles and permissions.

这是APIHasPermission，测试如果一个给定主体具有给定的许可。这只是通过所有角色和检查重复。如果角色有获得许可。映射权限的角色是使用ASP.NET缓存性能原因缓存。

An API "HasPermission" that tests if a given principal has a given permission. This simply iterates through all roles and checks if the role has the given permission. The mapping permission-roles is cached using the ASP.NET cache for performance reasons.

这篇关于ASP.NET安全角色和权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！