How to control access control?
- I have asp.net project which has got GridViews, Buttons, Navigators etc...
- I have 10-15 role types. For example:
Access Management must be:
Products.aspx
RoleType1
can seeGridView1
,Gv2
,Gv3
(But can not seeGv3's colum开发者_开发问答n2
)RoleType2
can seeGv1
,Gv2
(But can not seeGv2's column3
),Gv3
( (But can not seeGv3's Column4
)
Also:
RoleType3
can seebutton1
,button2
(But can not seeButton3
), Can seeGv2
(But can not seeGv2's column3
)
ProductsDetail.aspx
RoleType1
can seeGridView1
,Gv3
,Gv2
(But can not seeGv2's column3
),Gv4
RoleType2
can seeGv3
,Gv4
(But can not seeGv3's column3
), Gv4( (But can not seeGv4's Column4
)
Also:
RoleType3
can seebutton3
,button4
(But can not seeButton1
), Can seeGv2
(But can not seeGv2's column5
)
I can create more fantastic scenario. how can I manage this role? i want to separate this role types from WEB.CONFIG.
For example I can write sql db this role and than I create an xml and than write xml from db. Do you have any idea to make it?
Have you looked at Microsoft-s AzMan-Authorization Manager ?
It contains an API to program against to ask CanSeeGridView1, CanSeeGridView2, ...
and a gui (azman.msc) where you can define roles and map rights (RoleType1 can see GridView1) and store them in an xml-file.
精彩评论