需要在Web.config中授权多重角色 [英] Requiring Multiple Roles in Web.config Authorization
问题描述
是否可以指定所需的web.config文件的授权元素中多个角色?我目前在我的一个网站的web.config此块为一个特定的目录:
Is it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory:
<authorization>
<allow roles="Global, Region" />
<deny users="*" />
</authorization>
我已经能发现一个特殊的情况下,比全球和区域的两个低级别权限的人也应该有访问该目录。粗略地说,我想是这样的:
I've just identified a special case where a person with two lower-level permissions than Global and Region should also have access to this directory. Roughly, I want something like this:
<authorization>
<allow roles="GlobalManager, RegionManager, SiteManager && FooSite" />
<deny users="*" />
</authorization>
任何想法?我意识到我也许应该有这种方案中的新角色,但我想避免这种情况。谢谢!
Any ideas? I realize I probably should have a new role for this scenario, but I'd like to avoid that. Thanks!
推荐答案
我不认为你可以通过允许在web.config中目前CONFIGS做到这一点。什么,你可以做虽然是类似如下......在你的的Page_Load
事件的第一线有问题的页面,请使用以下code(VB ):
I don't think you can do this via the current configs allowed in web.config. What you could do though is something like the following... as the very first line in your Page_Load
event for the page in question, use the following code (VB):
If Not (User.IsInRole("Role1") AndAlso User.IsInRole("Role2")) Then _
FormsAuthentication.RedirectToLoginPage()
当然,此行是假设你使用FormsAuthentication。如果没有,你就需要更换 FormsAuthentication.RedirectToLoginPage()
与这取决于您的身份验证方法的相应code。
This line of course is assuming you are using FormsAuthentication. If not, you would need to replace FormsAuthentication.RedirectToLoginPage()
with the appropriate code depending on your authentication method.
我不知道你的确切情况,但根据您的code,它看起来像你可以走一步,并添加一个表与用户网站的映射,并做类似如下:
I don't know your situation exactly, but based on your code, it looks like you could go one step further, and add a table with a mapping of users to sites, and do something like the following:
在一个公共模块,添加以下code:
In a public module, add the following code:
<System.Runtime.CompilerServices.Extension()> _
Public Function ManagesSite(target As System.Security.Principal.IPrincipal, siteName As String) As Boolean
Return [ code here to look up whether this user can access the site specified ]
End Function
然后,你可以写previous code的东西更合乎逻辑,如:
Then you can write the previous code as something more logical, such as:
If Not (User.IsInRole("SiteManager") AndAlso User.ManagesSite(Request.Url.Host)) Then _
FormsAuthentication.RedirectToLoginPage()
这篇关于需要在Web.config中授权多重角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!