需要在Web.config中授权多重角色 [英] Requiring Multiple Roles in Web.config Authorization

问题描述

是否可以指定所需的web.config文件的授权元素中多个角色？我目前在我的一个网站的web.config此块为一个特定的目录：

Is it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory:

<authorization>  
    <allow roles="Global, Region" />
    <deny users="*" />
</authorization>

我已经能发现一个特殊的情况下，比全球和区域的两个低级别权限的人也应该有访问该目录。粗略地说，我想是这样的：

I've just identified a special case where a person with two lower-level permissions than Global and Region should also have access to this directory. Roughly, I want something like this:

<authorization>  
    <allow roles="GlobalManager, RegionManager, SiteManager && FooSite" />
    <deny users="*" />
</authorization>

任何想法？我意识到我也许应该有这种方案中的新角色，但我想避免这种情况。谢谢！

Any ideas? I realize I probably should have a new role for this scenario, but I'd like to avoid that. Thanks!

推荐答案

我不认为你可以通过允许在web.config中目前CONFIGS做到这一点。什么，你可以做虽然是类似如下......在你的的Page_Load 事件的第一线有问题的页面，请使用以下code（VB ）：

I don't think you can do this via the current configs allowed in web.config. What you could do though is something like the following... as the very first line in your Page_Load event for the page in question, use the following code (VB):

If Not (User.IsInRole("Role1") AndAlso User.IsInRole("Role2")) Then _
    FormsAuthentication.RedirectToLoginPage()

当然，此行是假设你使用FormsAuthentication。如果没有，你就需要更换 FormsAuthentication.RedirectToLoginPage（）与这取决于您的身份验证方法的相应code。

This line of course is assuming you are using FormsAuthentication. If not, you would need to replace FormsAuthentication.RedirectToLoginPage() with the appropriate code depending on your authentication method.

我不知道你的确切情况，但根据您的code，它看起来像你可以走一步，并添加一个表与用户网站的映射，并做类似如下：

I don't know your situation exactly, but based on your code, it looks like you could go one step further, and add a table with a mapping of users to sites, and do something like the following:

在一个公共模块，添加以下code：

In a public module, add the following code:

<System.Runtime.CompilerServices.Extension()> _
Public Function ManagesSite(target As System.Security.Principal.IPrincipal, siteName As String) As Boolean
    Return [ code here to look up whether this user can access the site specified ]
End Function 

然后，你可以写previous code的东西更合乎逻辑，如：

Then you can write the previous code as something more logical, such as:

If Not (User.IsInRole("SiteManager") AndAlso User.ManagesSite(Request.Url.Host)) Then _
    FormsAuthentication.RedirectToLoginPage()

这篇关于需要在Web.config中授权多重角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！