如何在Asp.net,C#中使用授权和身份验证?
[英]How to use Authorization & Authentication in Asp.net, C#?
问题描述
I am using Roll management and I am trying to give page and folder access according to user or user group, Also using server created AD group for user authentication. 
我正在使用Roll Management,并且尝试根据用户或用户组来授予页面和文件夹访问权限,并且还使用服务器创建的AD组进行用户身份验证。
I have default1.aspx page as default and subdir1 folder to give different access for separate user group 我有default1.aspx页面作为默认目录,而subdir1文件夹为单独的用户组提供了不同的访问权限
I am using below logic in web.config. 我在web.config中使用以下逻辑。
<location path="subdir1">
<system.web>
<authorization>
<allow users ="?" />
</authorization>
</system.web>
</location>
I am facing problem to provide same access to 2 or more directory to same user so should I have to provide allow user code twice for both folder? 我面临向同一用户提供对2个或更多目录的相同访问权限的问题,因此我是否必须为两个文件夹提供两次允许用户代码?
I can use this logic by repeating value for all folder but I want to do all access providing in one logic. 我可以通过为所有文件夹重复值来使用此逻辑,但是我想用一种逻辑来提供所有访问权限。
2 个解决方案
解决方案1
3 已采纳 2015-07-08 09:30:24
I have got the answer to configure folder/page access, For that i have to make different access as shown below.. 我已经得到配置文件夹/页面访问的答案,为此,我必须进行如下所示的其他访问。
Configure Access to a Specific File and Folder, Set up forms-based authentication. 配置对特定文件和文件夹的访问,设置基于表单的身份验证。 Request any page in application to be redirected to Logon.aspx automatically. 请求将应用程序中的任何页面自动重定向到Logon.aspx。
In the Web.config file, done the following code. 在Web.config文件中,执行以下代码。
This code grants all users access to the Default1.aspx page and the Subdir1 folder. 此代码授予所有用户访问Default1.aspx页和Subdir1文件夹的权限。
<configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
</forms>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?" />
</authorization>
</system.web>
<!-- This section gives the unauthenticated user access to the Default1.aspx page only. It is located in the same folder as this configuration file. -->
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<!-- This section gives the unauthenticated user access to all of the files that are stored in the Subdir1 folder. -->
<location path="subdir1">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
</configuration>
Users can open the Default1.aspx file or any other file saved in the Subdir1 folder in your application. 用户可以打开Default1.aspx文件或保存在应用程序的Subdir1文件夹中的任何其他文件。 They will not be redirected automatically to the Logon.aspx file for authentication. 它们不会自动重定向到Logon.aspx文件进行身份验证。
Repeat configuration Step to identify any other pages or folders for which you want to permit access by unauthenticated users. 重复配置步骤,确定要允许未经身份验证的用户访问的所有其他页面或文件夹。
For more Reference check Microsoft support page - https://support.microsoft.com/en-us/kb/301240 有关更多参考,请查看Microsoft支持页面-https://support.microsoft.com/zh-cn/kb/301240
And also you can check http://www.iis.net/configreference/system.webserver/security/authorization 您也可以检查http://www.iis.net/configreference/system.webserver/security/authorization
After you have to do coding on login page for reference check this -> http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in-ASP-NET 在必须对登录页面进行编码以供参考后,请检查此-> http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in-ASP-NET
解决方案2
0 2015-07-08 09:22:57
Actually, the asp.net user access management spans widely so I've decided to introduce you two links which help me a lot. 实际上,asp.net用户访问管理范围广泛,因此,我决定为您介绍两个链接,这些链接对我有很大帮助。 Hope this could help you as well. 希望这对您也有帮助。 Understanding Role Management 了解角色管理
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.