开发者

ASP.NET access controls

问答 作者:

I am trying to build an ASP.NET 3.5 website that allows users to log in and browse a couple of pages. I would like to restrict certain users to be able to view certain pages but I'm having trouble coming up with a custom and flexible system. I have seen MS's version of this but it's not what I am looking for. Can anyone direct me to some good online articles or even a video tutorial so I can do further research. Thanks!

P.S. I have tried creating a class that inherits from System.Web.UI.Page which does some checking but it's getting messy. All my other pages inherit from that common page. Is this a 开发者_如何学Ccommon practice? How have you guys solved this problem in the past?

The best way to implement this would be, Forms Authentication coupled with Custom Role Provider.

Hope you know, for Forms Authentication to work, you need not have to use the Complete Database Setup that MS uses to Authenticate.

You can simply have your own Database and Validate a user yourself, and just set the cookie.

String UserName = "CoolGuy";
Boolean isValidUser = YourClass.YourMethod(UserName);
if (isValidUser)
{ FormsAuthentication.setAuthCookie(UserName, false); }

This will authenticate the user "CoolGuy" for the session, provided YourMethod returns true.

You can use this, coupled with custom role provider. This gives you the facility to check User.IsInRole("Role"); in your code.

To Start with CustomRoleProvider.. here is a good reference... http://davidhayden.com/blog/dave/archive/2007/10/17/CreateCustomRoleProviderASPNETRolePermissionsSecurity.aspx

  • Raja

Well, without knowing the exact details of your app, one thing you could use is the Role Manager built into the Membership API.

Basically, you would create roles for each page and assign users to the roles (pages) you would want them to view.

In the code behind for each page, on the On_Load event, I would simply call the method 

if(Roles.IsUserInRole(rolePageName))
{
  //Continue page loading logic
}
{
  //Redirect or transfer the user elsewhere
}

For this kind of logic you may want to reconsider using an inherited page, otherwise you're going to have to come up with a way to retrieve the URL of the page and pass that into some long list of if-else or switch statements to call the proper Roles.IsUserInRole method.

继续阅读:asp.netasp.net-membership

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9