拒绝访问特定角色
[英]Deny access to specific roles
问题描述
I have a folder UserManagement with role based access and is as below. 
我有一个具有基于角色访问权限的文件夹UserManagement,如下所示。
<authorization>
<deny users="?" />
<allow roles="UserAdmin_M"/>
<allow roles="UserAdmin_MC"/>
<deny roles="ReportsAdmin"/>
</authorization>
Admin will have access to other folders as well like reports. 管理员将有权访问其他文件夹以及报告。 Now the problem is, I'm having an user "TestUser" with roles UserAdmin_M and ReportsAdmin but the application is blocking the access to "UserManagement" folder for TestUser. 现在的问题是,我有一个角色为UserAdmin_M和ReportsAdmin的用户“ TestUser”,但是该应用程序阻止了对TestUser的“ UserManagement”文件夹的访问。 How to overcome this? 如何克服呢?
1 个解决方案
解决方案1
1 已采纳 2012-08-08 08:45:57
I might be wrong, but could this have something to do with the order in which you have assigned the roles to your user? 我可能是错的,但这可能与您将角色分配给用户的顺序有关吗? From MSDN it states: 从MSDN,它指出:
At run time, the authorization module iterates through the allow and deny elements, starting at the most local configuration file, until the authorization module finds the first access rule that fits a particular user account .
Make sure you are assigning the UserAdmin_M role before the ReportsAdmin rule. 确保在ReportsAdmin规则之前分配了UserAdmin_M角色。
FYI - you can comma separate roles in your configuration: 仅供参考-您可以在配置中用逗号分隔各个角色:
<authorization>
<deny users="?" />
<allow roles="UserAdmin_M, UserAdmin_MC" />
<deny roles="ReportsAdmin" />
</authorization>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.