开发者

ASP.NET web application role based security [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.

Closed 8 years ago.

Improve this question

We are writing a web application to be deployed on our intranet. We want to implement role based security but would like to not write it all from scratch.

Is there anything built into .N开发者_运维问答ET to do this or can anybody recommend a tool.


Also consider switching to authenticate against your central directory, like Active Directory if you run it, so you don't have to maintain two separate user account databases and passwords. This is quite easily done with the membership model like in this example. Groups in AD will be roles and so forth.


Yes, just take a look at the Membership API.

This blog post from Scott Guthrie has links to several resources to help you get started.

http://weblogs.asp.net/scottgu/archive/2006/02/24/asp.net-2.0-membership_2c00_-roles_2c00_-forms-authentication_2c00_-and-security-resources-.aspx


Membership provider works well. I've provided a sample from our web.config:

<membership defaultProvider="CSLAMembershipProvider">
   <providers>
                <add name="CSLAMembershipProvider"
      type="..."
      functionalProvider="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
      enableSearchMethods="true"
      connectionProtection="None"
      attributeMapPasswordQuestion="..."
      attributeMapPasswordAnswer="..."
      attributeMapFailedPasswordAnswerCount="..."
      attributeMapFailedPasswordAnswerTime="..."
      attributeMapFailedPasswordAnswerLockoutTime="..."
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      minRequiredPasswordLength="1"
      minRequiredNonalphanumericCharacters="0"
      passwordStrengthRegularExpression="(?=.{8,})(?=(.*\d){1,})(?=(.*\W){1,})(?=(.*[a-z)){1,})(?=(.*^[a-z]){1,})"
      connectionStringName="..."
      />
   </providers>
</membership>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜