ASP. NET Common permission component implementation 1. asp.net permission component

ASP. NET Common permission component implementation 1. asp.net permission component

General permission verification component for sofa (SF)

Opening

The previous article mentioned the design idea of general permissions. According to the design idea, a relatively general permission verification component is implemented step by step. In VS2010, use the C # language to implement specific functions based on the. net framework2.0 framework.

Configuration File

The configuration file is in XML format (SFPermission. xml) and has four types of nodes:

1. AppSet node: this node is configured with some basic information.

1 <AppSet> 2 <! -- Database node name (must be under connectionStrings node of Web. config) --> 3 <add key = "DataConnName" value = "ConnString"/> 4 <! -- Database connection string (only one DataConnName and ConnString node exists) --> 5 <add key = "ConnString" value = "database connection string"/> 6 <! -- Page truncation rule (0: only the file name is intercepted, 1: the full path is intercepted, 2: truncate the full path (remove the first [/] in a single file and retain the first [/] In the contained path). You can configure exceptions on the Page node) --> 7 <add key = "PageAllPath" value = "2"/> 8 <! -- Return page when you are not logged on (logon verification is successful or the Session value to be retrieved by SQL statement parameters is null or does not exist) --> 9 <add key = "OutLogin" value = "output information when no logon is performed"/> 10 <! -- Logon verification Session name --> 11 <add key = "LoginSessionName" value = "SysUserCode"/> 12 </AppSet>

Ii. MessageSet node: configure the prompt information when there is no permission.

1 <MessageSet> 2 <! -- Configuration information without permission (Key is the suffix [suffix name is wildcard] or file name, value is the text to be output) --> 3 <add key = ". aspx "value =" no permission "/> 4 <! -- Configuration information without permission (Key is the suffix and value is the text to be output) --> 5 <add key = ". ashx "value =" no permission "/> 6 </MessageSet>

3. Pages node: Set the parameter to be spliced when intercepting the authentication URL name.

1 <! -- Page configuration of parameters to be connected (the configured page uses the combined Page name as the page name for permission verification) --> 2 <Pages> 3 <! -- The first character of the name is (point), indicating that all requests with such suffix names connect to a parameter. Multiple value parameter names are separated by commas (,) --> 4 <add key = ". ashx "value =" Action "/> 5 </Pages>

Iv. Permission node: configure the page for Permission verification, the page for ignoring Permission verification, the SQL statement for Permission verification, and the query statement for Permission sub-functions (when the Permission is controlled to the button.

1 <Permission> 2 <! -- The page for permission verification (. start indicates the suffix naming rule,/start indicates the directory configuration,/End mark contains sub-Directories) --> 3 <PermissionPage> 4 <add value = "/Manage"/> 5 <add value = ". aspx "/> 6 <add value = ". ashx "/> 7 </PermissionPage> 8 <! -- The page that does not perform permission and logon verification (. start indicates the extension name configuration rules,/start indicates the directory configuration,/End mark contains subdirectories) --> 9 <Ignore> 10 <add value = "/Manage/Default. aspx "/> 11 <add value ="/Manage/Login. aspx "/> 12 <add value ="/Manage/VerifyCode. aspx "/> 13 </Ignore> 14 <! -- SQL statements used to query URL records (there can be multiple SQL statements, as long as one statement can query records. Only URL requests that can query records can perform permission verification) --> 15 <PermissionUrlSQL> 16 <! -- Query permission SQL statement --> 17 <CommandText value = "select A. FID from Man_Function A where A. FURL = @ FURL"/> 18 <Parameter> 19 <! -- SQL statement parameter name --> 20 <ParameterName value = "@ FURL"/> 21 <! -- SQL statement parameter type --> 22 <DBType value = "VarChar"/> 23 <! -- Session name to be retrieved for SQL statement parameters ([PageName] indicates the URL string) --> 24 <SessionName value = "PageName"/> 25 </Parameter> 26 </PermissionUrlSQL> 27 <! -- Permission verification SQL statements (multiple statements can be used if one statement has permissions) --> 28 <PermissionSQL> 29 <! -- Query permission SQL statement --> 30 <CommandText value = "select. FID from Man_Function A, Man_Popedom B where. FID = B. fid and B. empCode = @ EmpCode and. FURL = @ FURL "/> 31 <Parameter> 32 <! -- SQL statement parameter name --> 33 <ParameterName value = "@ EmpCode"/> 34 <! -- SQL statement parameter type --> 35 <DBType value = "VarChar"/> 36 <! -- Session name to be retrieved for SQL statement parameters ([PageName] indicates the URL string) --> 37 <SessionName value = "SysUserCode"/> 38 </Parameter> 39 <Parameter> 40 <! -- SQL statement parameter name --> 41 <ParameterName value = "@ FURL"/> 42 <! -- SQL statement parameter type --> 43 <DBType value = "VarChar"/> 44 <! -- Session name to be retrieved for SQL statement parameters ([PageName] indicates the URL string) --> 45 <SessionName value = "PageName"/> 46 </Parameter> 47 </PermissionSQL> 48 <! -- Query the SQL statements of the URL subitem record (there can be multiple, as long as one statement can query the record, only the URL request that can query the record will undergo permission verification, usually it is required when the permission needs to be controlled to the button) --> 49 <ChildUrlSQL> 50 <! -- Query permission SQL statement --> 51 <CommandText value = "select A. FID from Man_Function A where A. FID = @ FID"/> 52 <Parameter> 53 <! -- SQL statement parameter name --> 54 <ParameterName value = "@ FID"/> 55 <! -- SQL statement parameter type --> 56 <DBType value = "Int"/> 57 <! -- Session name to be retrieved for SQL statement parameters ([PageName] indicates the URL string) --> 58 <SessionName value = "PageName"/> 59 <! -- Name of the column to be retrieved by the SQL statement parameter (the column of the SQL statement in the PermissionSQL node, [PageName] indicates the string of the URL ), and SessionName nodes cannot be co-workers --> 60 <ColumnName value = "FID"/> 61 </Parameter> 62 </ChildUrlSQL> 63 <! -- Subitem query of the menu (usually required when the permission needs to be controlled to the button) --> 64 <ChildSQL> 65 <! -- Query SQL statements --> 66 <CommandText value = "select A. FID from Man_Function A where A. FID = @ FID"/> 67 <Parameter> 68 <! -- SQL statement parameter name --> 69 <ParameterName value = "@ FID"/> 70 <! -- SQL statement parameter type --> 71 <DBType value = "Int"/> 72 <! -- Name of the Session to be retrieved for SQL statement parameters --> 73 <SessionName value = "DateTime"/> 74 <! -- Name of the column to be retrieved by the SQL statement parameter (the column of the SQL statement in the PermissionSQL node, [PageName] indicates the string of the URL ), and SessionName nodes cannot be co-workers --> 75 <ColumnName value = "FID"/> 76 </Parameter> 77 <! -- Button permission flag column name, this value corresponds to the [sfcode] value of the foreground page element --> 78 <ButtonFlagColumn value = "FID"/> 79 </ChildSQL> 80 </Permission>

The ChildUrlSQL and ChildSQL nodes are used only when the permission verification is controlled to the button (Function Point). You can delete these two nodes only on the page;

PermissionUrlSQL and PermissionSQL are SQL statement configurations that control permission verification when the page is reached. If you only perform simple logon verification, you can also delete these two nodes.

The next article will introduce the overall structure and implementation of components, and the specific coding work has been completed. It is also possible to perform a preliminary test.

Question about the net common permission management component

Some systems require complex components to set permissions. For example, the logging function is also available in the system. You can write SQL records by yourself. You can also use log4net. Of course, the latter is much more troublesome and requires many configuration items, however, the function is very powerful. The same applies to general permission management.
In the end, it depends on your own needs.

C # aspnet B/S version general software management system rapid development architecture source code

I have. Contact us at night.