ASP.NET角色提供VS成员资格提供 [英] ASP.NET Role Provider vs Membership Provider

查看:118
本文介绍了ASP.NET角色提供VS成员资格提供的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

请参阅这个职务。

我已经能够配置我的的web.config 文件,这样当一个未认证用户请求页面时,他被重定向到登录。 ASPX

I have become able to configure my web.config file so that when an unauthenticated user requests a page, he is redirected to the Login.aspx page.

我已经能够通过配置web.config文件做到这一点,code以下几行:

I have been able to do that by configuring web.config file and the following few lines of code:

protected void btnLogin_Click(object sender, EventArgs e)
        {
            string username = this.usernameTextBox.Text;
            string password = this.passwordTextBox.Text;

            bool success = Membership.ValidateUser(username.Trim(), password.Trim());

            if (success)
            {
                FormsAuthentication.SetAuthCookie(username, true);

                Ice_Web_Portal.BO.User user = Ice_Web_Portal.BO.User.GetUserByUserName(username);

                Ice_Web_Portal.BO.UserTypeEnum loginUserType = user.UserTypeEnum;

                if (loginUserType == UserTypeEnum.Student)
                {
                    Response.Redirect("~/Student/StudentControlPanel.aspx?username=" + username);
                }
                else if (loginUserType == UserTypeEnum.Teacher)
                {
                    Response.Redirect("~/Teacher/TeacherControlPanel.aspx?username=" + username);
                }
                else if(loginUserType == UserTypeEnum.Webmaster)
                {
                    Response.Redirect(@"~/Webmaster/WebmasterControlPanel.aspx");
                }
                else
                {
                    labLoginMessage.Text = "Sorry! Type of user couldn't be determined!";
                }
            }
            else
            {
                labLoginMessage.Text = Ice_Web_Portal.BO.User.LoginMessage;
            }
        }

但我这个有问题是,一旦用户通过验证后,他可以访问所有的页面在整个Web应用程序。

But the problem I am having with this is that, once a user is Authenticated, he can access all pages in the entire web application.

但我需要根据自己的作用限制其页面访问区域。即当用不同的角色的用户请求页面时,他应该会自动重定向到的Login.aspx

But I need to restrict their area of page access according to their roles. I.e. when a user with a different role requests a page, he should be automatically redirected to the Login.aspx page.

有可能是,我可以在的Page_Load()检查特定用户角色的技术 - 事件,然后将用户重定向到的Login.aspx 页,如果他不是在那个角色。但我并不想这样做的那样。我想要自动发生的。我需要使用仅角色提供程序框架和web.config文件(因为这是在会员的情况下,即我并不需要检查会员在Page_Load事件。Web.config文件自动拦截访问)。

There may be a technique in which I can check for specific user-roles in the Page_Load()-event and then redirect the user to the Login.aspx page if he is not in that role. But I don't want to do it in that way. I want to happen that automatically. I need to use only Role Provider framework and web.config file (as that was in the case of membership. I.e. I don't need to check membership in the Page_Load event. Web.config file is automatically blocking the access).

谁能告诉我怎样才能纳入这个让特定的用户角色的功能其特定角色的区域内被限制?

Can anyone tell me how can I incorporate Role feature in this so that specific users are confined within their specific Role-area?

什么是code,用于生成授权票?

What is the Code for generating the Authorization Ticket?

推荐答案

添加章节,web.config中

add sections to web.config

  <location path="page-only-allowed-to-be-accessed-by-admin.aspx">
      <system.web>
         <authorization>
           <allow roles="admin"/>
           <deny users="*" />
         </authorization>
      </system.web>
   </location>

您可能会发现本文有趣 - 在的web.config揭秘

You may find this article interesting - the web.config demystified

编辑:

在code生成授权票证在code。

The code for generating the Authorization ticket is in your code.

FormsAuthentication.SetAuthCookie(username, true);

这是像这样(使用红门的反射)实施

public static void SetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath)
{
    Initialize();
    HttpContext current = HttpContext.Current;
    if (!current.Request.IsSecureConnection && RequireSSL)
    {
        throw new HttpException(SR.GetString("Connection_not_secure_creating_secure_cookie"));
    }
    bool flag = CookielessHelperClass.UseCookieless(current, false, CookieMode);
    HttpCookie cookie = GetAuthCookie(userName, createPersistentCookie, flag ? "/" : strCookiePath, !flag);
    if (!flag)
    {
        HttpContext.Current.Response.Cookies.Add(cookie);
        current.CookielessHelper.SetCookieValue('F', null);
    }
    else
    {
        current.CookielessHelper.SetCookieValue('F', cookie.Value);
    }
}

在RoleProvider将得到角色给定用户,所以当web.config中被检查为允许或拒绝角色/用户对于应用程序的某一部分,在RoleProvider将得到角色的用户,然后核对允许/拒绝角色,并授权在适当。

The RoleProvider will get the roles for a given user, so when the web.config is inspected for allowed or denied roles/users for a given section of your application, the RoleProvider will get the roles for the user and then check against the allowed/denied roles and authorize if appropriate.

这篇关于ASP.NET角色提供VS成员资格提供的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆