是否可以动态地修改角色权限,也产生ASP.NET合适的网站导航/菜单? [英] Is it possible to dynamically modify role permissions and also generate the appropriate sitemap/menus in ASP.NET?
问题描述
我做在ASP.net安全的Sitemaps一些研究,我不幸的时间所剩无几。所以我不能完全肯定,如果我在正确的方向也得走我没有工作太多与ASP.net的安全性。
I'm doing some research on security and sitemaps in ASP.net and am unfortunately running short on time. I have not worked too much with ASP.net security so I'm not completely sure if I'm heading in the right direction.
下面是我的问题:
我有一个公共网站(即在互联网上),将允许任何用户签名支持。该网站将使用ASP.net web表单开发。这些用户可以创建其他用户和分配这些用户不同的角色。
I have a public website (i.e. on the internet) that will allow any user to sign up to. The website will be developed using ASP.net webforms. These users may create other users and assign these users different roles.
不同的角色有不同的限制,并进行正确显示的菜单。例如,作为管理员的用户可以看到所有的菜单选项。而有限的用户只能看到其中的一些菜单项。
Different roles have different restrictions and the menu is displayed appropriately. For example, a user acting as an administrator can see all menu options. Whereas a limited user will only see some of these menu items.
有需要为用户对我们的最终修改特定角色可以访问哪些页面的能力。例如,如果role1上可以做任务的X,我们希望能够在某些时候修改role1上不再做任务X.这将使用内置的内部的应用程序来完成。
There needs to be the ability for users on our end to modify what pages certain roles can access. For example, if Role1 can do task X, we would like to be able at some point modify Role1 to no longer do task X. This would be done using an application built in-house.
用户类型(角色)将被保存在数据库中。用户权限(哪些页面每种类型都可以访问)也被保存在数据库中保存。
User types (roles) are to be saved in the database. User permissions (what pages each type can have access to) are also to be saved saved in the database.
下面是什么我想这样做的:
Here is something I am thinking of doing:
- 实施使用web.config文件中设置了内置在ASP.net授权和认证
- 使用站点地图动态创建菜单/从数据库面包
我相信这是可以做到使用自定义提供第二个(请纠正我,如果我错了)。但我不能完全肯定,如果它可以动态配置的web.config文件。
I believe it is possible to do the second one using custom providers (please correct me if I'm wrong). But I am not entirely sure if it's possible to configure the web.config file dynamically.
我想这确实是一个更是/否的答案,但我只是想确保我不会在错误的方向前进。我将使用VS2008和.NET 3.5框架。
I suppose this is really more of a yes/no answer but I would just like to make sure I'm not going in the wrong direction. I will be using VS2008 and .net 3.5 framework.
非常感谢。
推荐答案
是的,这是可以做到的,你在说什么。您可以动态地创建使用自定义SiteMapProvider的网站地图,看到这个articlet 的http:// WWW。codeproject.com / KB / ASPNET / dynamicsitemap.aspx 。
Yes, it's possible to do what you're saying. You can dynamically create the sitemaps using a custom SiteMapProvider, see this articlet http://www.codeproject.com/KB/aspnet/dynamicsitemap.aspx.
您还可以修改使用一个XmlReader在运行时在web.config或者如果你preFER,只是读入一个字符串,并解析出授权元素。我把它放在一个单独的文件,不过,使用configSource:
You can also modify the web.config at runtime using an XmlReader or if you prefer, just reading it into a string and parsing out the authorization element. I'd put it in a separate file, though, using configSource:
<授权configSource =auth.config/>
<authorization configSource="auth.config" />
然后你只需要修改该文件,而不用担心弄乱的Web.config
Then you only need to modify that file and not worry about messing up the web.config
这篇关于是否可以动态地修改角色权限,也产生ASP.NET合适的网站导航/菜单?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
