是否有可能从一个SQL数据库中的web.config文件中引用的价值? [英] Is it possible to reference a value from an SQL database in a web.config file?
问题描述
我知道这是一个奇怪的问题,基本上我们正在尝试使用web.config文件来限制accesss某些用户。不幸的是,网站没有使用角色,而是访问SQL数据库基于存储值弄清楚用户的角色。是否有可能以某种方式拉SQL值来确定用户是否应该被授予访问权限,例如:
I know this is a strange question, basically we are trying to use the web.config file to restrict accesss to certain users. Unfortunately the site isn't using roles but rather accesses an sql database to figure out the user's role based on a stored value. Is it possible to somehow pull the SQL value to determine whether or not a user should be granted access, for example:
<location path="Restrictedpage.aspx">
<system.web>
<authorization>
<allow users="SQL Reference would go here, returning the usernames that fall under certain criteria, such as value admin = 1"/>
<deny users="*"/>
</authorization>
</system.web>
我知道这是一个奇怪的问题,我是pretty新的这一切,但我真的可以使用一些帮助,如果有人有更好的方法,我会在该AP preciate的想法了。
I know this is a weird question, I am pretty new to all this but I could really use some help, if someone has a better method I would appreciate ideas on that too.
谢谢!
推荐答案
没有。在web.config是为声明配置。随着中说,仅仅因为没有在数据库中的角色,并不意味着你不能在应用程序中使用的角色。例如,如果某人有 IsAdmin = 1 在数据库中,你可以把它们放在当他们登录管理员角色。然后,你可以很容易地使用&LT;授权&GT; 部分在web.config中只允许 Administrators组成员角色的访问到该位置。
No. The web.config is meant for declarative configuration. With that said, just because there aren't roles in the database, doesn't mean you can't use roles in the application. For example, if someone has IsAdmin = 1 in the database, you can put them in the Administrators role when they login. Then, you could easily use the <authorization> section in the web.config to only allow members of the Administrators role access to that location.
作为替代web.config中,你可以使用的Page_Load() RestrictedPage.aspx的查询数据库,并检查用户是管理员。如果不是,将用户重定向别的地方。但是,如果你能重新编译code和将要经历这一切麻烦,你可能也只是使用基于角色的方法。
As an alternative to the web.config, you could use the Page_Load() of RestrictedPage.aspx to query the database and check if the user is an admin. If they are not, redirect the user someplace else. However, if you can re-compile the code and are going to go through all this trouble, you may as well just use a role-based approach.
这篇关于是否有可能从一个SQL数据库中的web.config文件中引用的价值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
