开发者

Enforcing web.config authorization entries

问答 作者:

Ultimate goal is to provide protection against programming mistakes. I want to make sure that every page in a portion of my web application has a role specified like below. Ideally I wo开发者_开发问答uld like to programatically check all requests coming in ( think IHttpModule ) and make sure that the page being requested has a role specified.

I can't seem to find how to get programatic access to the allowed roles.

<location path="foo.aspx">
 <system.web>
  <authorization>
   <allow roles="modifier"/>
  </authorization>
 </system.web>
</location>

make a deny * in the root, so every page is not allowed, until it is explicitly activated....

Stumbled across this AuthorizationRuleCollection.

From MSDN, I've not tried it as I solved my problem using a tecnique similar to the AuthorizeAttribute in the MVC framework.

System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("/aspnetTest");
AuthorizationSection authorizationSection = (AuthorizationSection)configuration.GetSection("system.web/authorization");

继续阅读:asp.netconfigurationweb-config

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9