堆栈内存溢出
  简体   繁体   English

ASP.NET Web窗体-Web窗体的安全性

[英]ASP.NET Web Forms - Security of Web Forms

 原文  2011-12-19 11:30:27       c#/ asp.net/ webforms

问题描述

simple but hard to solve question on Web Forms. 简单但难以解决的Web窗体问题。

I enforced a role-based access on my web form application, but I would like to tailor the access based on WebForm or URL, something like 我在Web表单应用程序上实施了基于角色的访问,但是我想基于WebForm或URL定制访问,例如

/Administration/* --> only admins /Users/* --> admins and users /* --> anonymous also / Administration / *->仅管理员/ Users / *->管理员和用户/ *->也匿名

Any hint on how to do it on web.config? 关于如何在web.config上做任何提示?

Thank you and best regards 感谢你并致以真诚的问候

2 个解决方案

解决方案1
 2 已采纳  2011-12-19 11:37:06

<location path=”Admin”>
                <authorization>
                                <allow roles=”Admin” /> 
                                <deny users=”*” />
                <deny roles=”*” /> 
                </authorization>
</location>

or take a look here: http://support.microsoft.com/kb/316871 or http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx 或在此处查看: http : //support.microsoft.com/kb/316871http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a- web-config.aspx中的特定页面或文件夹

解决方案2
 1  2011-12-19 11:51:49

An easiest way would be to create local web.config files in each of your subfolders. 最简单的方法是在每个子文件夹中创建本地web.config文件。 Such local web.config would only contain the authorization information so that the built-in UriAuthorizationModule could do the rest for you. 这样的本地web.config仅包含授权信息,以便内置的UriAuthorizationModule可以为您完成其余工作。

For example, inside the /Admin folder create a web.config with 例如,在/ Admin文件夹中,使用以下命令创建一个web.config 

<configuration>
 <system.web>
 <authorization>
   <allow roles="Admin" />
   <deny users="*" />
 </authorization>
 </system.web>
</configuration>

thus giving the access to only users who are administrators. 因此,仅授予管理员用户访问权限。 Apply the same to other subfolders and you are done - under a condition that a role manager exists and provides the information about users' roles. 将其应用于其他子文件夹即可完成-在存在角色管理器并提供有关用户角色信息的条件下。

Creating local web.config s containing only the authorization data in each subfolder gives you fine-grained control over your authorization. 在每个子文件夹中创建仅包含授权数据的本地web.config ,可以使您对授权进行细粒度的控制。 The alternative would be to provide this information in the main web.config but it would soon become overloaded with many authorization nodes referring to different locations. 替代方法是在主web.config提供此信息,但是很快,由于指向不同位置的许多授权节点,该信息将变得超载。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Web表单中的ASP.NET Web Api - ASP.NET Web Api in Web forms ASP.NET Web 窗体中的错误消息 - Error Message in ASP.NET Web Forms Asp.net Web窗体垂直表 - Asp.net Web Forms Vertical Table 将为asp.net Web表单提供SPA模板吗? - Will there be a SPA template for asp.net web forms? 将jqGrid与Asp.Net Web窗体一起使用 - Using jqGrid with Asp.Net Web Forms 在ASP.NET Web窗体中过滤结果 - Filtering results in ASP.NET Web Forms ASP.NET Web窗体与关注点分离 - ASP.NET Web Forms and separation of concerns asp.net中Web窗体的自定义按钮 - Custom buttons for Web Forms in asp.net 文件夹上传 asp.net web forms - Folder upload in asp.net web forms asp.net中的ErrorMessage和ValidationSummary(Web表单) - ErrorMessage and ValidationSummary in asp.net (web forms)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM