堆栈内存溢出
  简体   繁体   English

如何使用角色保护ASP.Net中的网页?

[英]How to secure webpages in ASP.Net with roles?

 原文  2009-06-15 12:12:17       c#/ .net/ asp.net/ authentication

问题描述

In my application I have different roles and offcourse multiple pages. 在我的应用程序中,我有不同的角色,并且课程多页。 How do I secure webpages that may not be accessed by certain roles? 如何保护某些角色可能无法访问的网页?

Imagine group 1 has access to webpage a.aspx, b.aspx and c.aspx but not to webpage d.aspx. 想象一下,组1可以访问网页a.aspx,b.aspx和c.aspx,但不能访问网页d.aspx。 How do i secure that when a user of group 1 types in d.aspx he cannot view the page? 如何确保当第1组的用户键入d.aspx时,他无法查看页面?

3 个解决方案

解决方案1
 3 已采纳  2009-06-15 12:15:55

You have to add in web.config, which Role can get which page. 您必须添加web.config,哪个Role可以获取哪个页面。 

<location path="yourPage.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>
            <allow roles="Super Admin"/>
                            <deny users="Admin"/>

        </authorization>
    </system.web>
</location>

解决方案2
 0  2010-02-18 16:53:22

This might help you. 这可能对您有帮助。

Authorization module which applies authorization to matching urls: http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule 将授权应用于匹配网址的授权模块: http : //code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule

解决方案3
 0  2009-06-15 12:15:43

This is a big topic but I think what you want to look into is the ASP.NET Membership Provider. 这是一个很大的话题,但是我认为您要研究的是ASP.NET Membership Provider。

I would start here: Examining ASP.NET 2.0's Membership, Roles, and Profile . 我将从这里开始: 检查ASP.NET 2.0的成员资格,角色和配置文件

There's one thing messageboard websites, eCommerce websites, social network websites, and portal websites share in common: they all provide user accounts. 留言板网站,电子商务网站,社交网络网站和门户网站有一个共同点:它们都提供用户帐户。 These websites, and many others, allow (or require) visitors to create an account in order to utilize certain functionality. 这些网站以及许多其他网站都允许(或要求)访问者创建一个帐户,以利用某些功能。 For example, a messageboard website, like ASPMessageboard.com, allows anonymous and authenticated visitors to view and search the posts in the various forums. 例如,留言板网站(如ASPMessageboard.com)允许匿名和经过身份验证的访问者查看和搜索各种论坛中的帖子。 However, in order to be able to post a new thread or reply to a message a visitor must have an account and must log into the site. 但是,为了能够发布新主题或回复消息,访问者必须拥有一个帐户,并且必须登录该站点。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP.net网页日历 - ASP.net Webpages calendar 如何在ASP.NET MVC中实现角色? - How to implement roles in ASP.NET MVC? 如何在ASP.NET中的更多网页中拆分Gridview? - How to split a Gridview in more webpages in ASP.NET? 如何在ASP.NET WebPages C#中创建StackedColumn图表? - How To Create A StackedColumn Chart in ASP.NET WebPages C#? 如何将我的asp.net网页分为2个网页? - how to divide my asp.net web page into 2 webpages? 如何在 ASP.net razor 网页中使用“Using”语句? - How to use the “Using” statement in ASP.net razor webpages? 如何保护ASP.Net中上传的文件 - How to secure uploaded files in ASP.Net 如何保护 ASP.NET Core 中的健康检查? - How to secure healtchecks in ASP.NET Core? 这个ASP.Net身份验证模型的安全性如何? - How secure is this ASP.Net authentication model? 如何在ASP.NET中保护AJAX请求? - How to secure AJAX request in ASP.NET?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM