确定是否用户可以访问请求的页面？ [英] Determine if user can access the requested page?

问题描述

我有一个ASP.Net网站有多个角色，每个角色可以访问一个单独的目录（即管理员用户可以访问/管理，购物者可以访问/店等），使用共享的登录页面。如果有人访问登录页面设置为一个目录返回URL他们没有访问（如购物者访问/login.aspx?returnurl=/admin/index.aspx），用户可以成功地authentice（登录凭据有效），但他们最终会回到登录页面（他们没有获得他们所要求的页面）。

I have an ASP.Net website with multiple roles, each with access to a separate directory (i.e. admin users can access /admin, shoppers can access /shop etc), using a shared login page. If someone visits the login page with the return URL set to a directory they do not have access to (e.g. a shopper visits /login.aspx?returnurl=/admin/index.aspx), the user can authentice successfully (the login credentials are valid), but they end up back at the login page (they don't have access to the page they've requested).

如何挑选这件事，这样我就可以显示一条消息，做用户？

How do I pick this up, so I can display a message do the user?

推荐答案

我结束了在登录页面的Page_Load事件中这样做：

I ended up doing this in the page_load event of the login page:

if (User.Identity.IsAuthenticated)
{
    LoginErrorDetails.Text = "You are not authorized to view the requested page";
}

的思维之中，如果通过认证的用户在登录页面结束了，他们要么被送往他们作为试图访问一个网页，他们无权查看，或者他们已经验证，然后手动去了结果登录页面（不太可能）。

The thinking being, if an authenticated user ends up at the login page, they have either been sent their as a result of trying to access an page they are not authorized to view, or they have authenticated and then manually gone to the log in page (unlikely).

进一步的行动将是用户发送到时，他们访问登录页面，如果他们已经认证的相关主页。

A further action would be to send the user to the relevant home page whenever they visit the login page, if they are already authenticated.

这篇关于确定是否用户可以访问请求的页面？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！