
Block access to folder with custom login using asp.net webforms

I have used asp.net membership for some time, but this time, due to a certain requirement, we can't use asp.net membership. So I have to implement a simple login system where we have to validate users and give them access to a website section and, on the other side, also block access to certain folders so that only logged-in users can access the contents of these folders.

Block access to the following folders:

/English/

/French/

/Images/

Users should be able to access the contents of these folders only if they are logged in. I am setting a simple session variable when a user logs in successfully. Let us say Session["UserLoggedIn"] = true.

With asp.net membership we can block access to folders from web.config. But I am not sure how I can do it with a custom login.

Any pointers in this regard would be helpful.

I'm not too sure if this will work for you, but I have done something similar to this in the past (see user Isaac's answer for a bit of guidance): Securing a web folder with out membership roles defined

Basically, upon the login event you could assign the session a variable of "English" or "French" (note I'm not in VS right now so my code might be roughly what you're looking for):

protected void OnLogin()
{
    // UserIsAuthenticated stands for the result of your own credential check
    if (UserIsAuthenticated)
    {
        Session["English"] = true;
    }
}

and then in the Global.asax file you should be able to reference that variable if the user is authenticated:

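void Application_AcquireRequestState(object sender, EventArgs e)
{
    // Session is not available yet in Application_BeginRequest, so check here.
    if (Request.PhysicalPath.Contains("English"))
    {
        var session = HttpContext.Current.Session; // null if the handler has no session
        if (session == null || !(session["English"] is bool) || !(bool)session["English"])
        {
            // Not "English" user - redirect to login or unauthorized page
            Response.Redirect("~/Login.aspx"); // placeholder page name
        }
    }
}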

Again, my code is mostly taken from the link I gave you; if that doesn't work I can fish around some of my projects to see exactly what I've done in the past.

Additionally you could use Visual Studio 2012 and use the ASP.NET Web Configuration Tool and try to work your user database into working with it. I've seen people do it - it is a bit complicated because you have to code a bit in the web.config file, but is more likely secure I am guessing. This MSDN article might help some as well: http://www.asp.net/web-api/overview/security/external-authentication-services.
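A fuller version of the session check discussed above, as an added example that is not part of the question or the answer: an HTTP module that guards the three folders from the question using its Session["UserLoggedIn"] flag. The class name FolderGuardModule and the page ~/Login.aspx are assumptions made for illustration.

```csharp
using System;
using System.Web;

// Added example: FolderGuardModule and "~/Login.aspx" are hypothetical names.
public class FolderGuardModule : IHttpModule
{
    // Folders from the question, in app-relative form.
    private static readonly string[] ProtectedFolders =
        { "~/English/", "~/French/", "~/Images/" };

    public void Init(HttpApplication app)
    {
        // Session is populated during AcquireRequestState, so check right after it.
        app.PostAcquireRequestState += OnPostAcquireRequestState;
    }

    public static bool IsProtected(string appRelativePath)
    {
        // Compare whole leading folder segments, case-insensitively, so that
        // "~/EnglishNews/x.aspx" is not treated as "~/English/", while
        // "~/english/x.aspx" and "~/English" (no trailing slash) are.
        string path = appRelativePath + "/";
        foreach (string folder in ProtectedFolders)
        {
            if (path.StartsWith(folder, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }

    private static void OnPostAcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (!IsProtected(ctx.Request.AppRelativeCurrentExecutionFilePath))
            return;

        // ctx.Session is null when the mapped handler does not use session
        // state; that case is treated as "not logged in" (fail closed).
        object flag = ctx.Session == null ? null : ctx.Session["UserLoggedIn"];
        if (flag is bool && (bool)flag)
            return;

        ctx.Response.Redirect("~/Login.aspx", false); // placeholder login page
        ctx.ApplicationInstance.CompleteRequest();
    }

    public void Dispose() { }
}
```

The module has to be registered under system.webServer/modules in web.config, and static files such as those in /Images/ only reach it when managed modules run for those requests. Requests served by a handler without session state arrive with no session and are redirected to the login page rather than let through.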
