ASP.NET permission management
What should I do if I want only one user group to be allowed to access a folder?
Can it be set in the web.config under the website root as follows:
<location path="admin">
  <system.web>
    <authorization>
      <allow roles="adminer" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
(Note: testing shows that this works. It is mentioned here only to show that web.config is layered and that settings at a lower level override those above them.)
In the end, I chose to place a web.config in each folder that overrides the <authorization/> section.
For example:
web.config in the folder:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authorization>
      <allow roles="admin" />
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
web.config in the B folder:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authorization>
      <allow roles="teacher" />
      <deny users="?" roles="student,admin" />
    </authorization>
  </system.web>
</configuration>
In this way, different authorizations are implemented for different folders.
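To make the folder rules above concrete, here is an added example (not code from the original post): a small model of how ASP.NET evaluates authorization rules, checking the folder's own rules in order before inherited ones and stopping at the first match. It assumes the machine-level default of allow users="*" as the last inherited rule and omits the site-root rules; the AuthRule and UrlAuthorization types are hypothetical, not System.Web. It shows why the <deny users="*"/> used in the <location> example is what keeps authenticated users outside the allowed role out of the folder.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Hypothetical model of ASP.NET URL authorization (not System.Web): rules are checked
// in order, the folder's own rules before inherited ones, and the first match wins.
// In a rule, users="?" means anonymous users and users="*" means everyone.
class AuthRule
{
    public bool Allow;
    public string[] Users = new string[0], Roles = new string[0];
    public bool Matches(string user, string[] roles)
    {
        bool anonymous = string.IsNullOrEmpty(user);
        if (Users.Contains("*")) return true;
        if (anonymous) return Users.Contains("?"); // anonymous users have no roles
        return Users.Contains(user, StringComparer.OrdinalIgnoreCase)
            || Roles.Intersect(roles, StringComparer.OrdinalIgnoreCase).Any();
    }
}
static class UrlAuthorization
{
    // Assumption: the machine-level root web.config ends with <allow users="*"/>, so a
    // request that matches none of the folder's rules is allowed rather than denied.
    static readonly AuthRule DefaultRule = new AuthRule { Allow = true, Users = new[] { "*" } };
    public static bool IsAllowed(IEnumerable<AuthRule> folderRules, string user, string[] roles)
    {
        foreach (AuthRule rule in folderRules.Concat(new[] { DefaultRule }))
            if (rule.Matches(user, roles)) return rule.Allow;
        return true; // not reached: DefaultRule matches everyone
    }
    static void Main()
    {
        // The folder web.config from the post: <allow roles="admin"/> <deny users="?"/>
        AuthRule[] folderA =
        {
            new AuthRule { Allow = true, Roles = new[] { "admin" } },
            new AuthRule { Allow = false, Users = new[] { "?" } }
        };
        // The same folder with the trailing <deny users="*"/> from the <location> example
        AuthRule[] folderAStrict =
            folderA.Concat(new[] { new AuthRule { Allow = false, Users = new[] { "*" } } }).ToArray();
        // Anonymous request: <deny users="?"/> is the first matching rule
        Console.WriteLine(IsAllowed(folderA, null, new string[0]));
        // Authenticated admin: <allow roles="admin"/> matches first
        Console.WriteLine(IsAllowed(folderA, "alice", new[] { "admin" }));
        // Authenticated teacher: no folder rule matches, so the inherited allow * decides
        Console.WriteLine(IsAllowed(folderA, "bob", new[] { "teacher" }));
        // Same teacher against the stricter folder: <deny users="*"/> matches before the default
        Console.WriteLine(IsAllowed(folderAStrict, "bob", new[] { "teacher" }));
    }
}
```

The same fall-through applies to the B folder: an authenticated user whose role is neither teacher, student nor admin matches none of its rules and reaches the inherited default.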
Role-based authentication is implemented as follows:
1. Configure web.config as follows:
<system.web>
  <authorization>
    <allow roles="roleslist" />
    <deny users="?" />
  </authorization>
</system.web>
After a successful login, a forms authentication ticket is created that stores the user name and the role information; the ticket is sent to the client in a cookie, and the user is redirected to the requested page.
For example:
using System;
using System.Web;
using System.Web.Security;

// If the credentials were verified
if (IsPass)
{
    // Version 1 ticket: user name, issue time, 30-minute expiry, non-persistent,
    // role information carried in UserData, cookie path "/"
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, studentinfo.userid, DateTime.Now, DateTime.Now.AddMinutes(30),
        false, studentinfo.role, "/");
    string CodeTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, CodeTicket);
    Context.Response.Cookies.Add(cookie);
    Context.Response.Redirect(RedirectTarget);
}
2. In Application_AuthenticateRequest in Global.asax.cs, read the role information from the client's cookie, build a GenericPrincipal from it and store it in HttpContext.User.
For example:
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpApplication App = (HttpApplication)sender;
    HttpContext Ctx = App.Context; // the HttpContext for this request
    if (Ctx.Request.IsAuthenticated) // only authenticated users get role processing
    {
        FormsIdentity Id = (FormsIdentity)Ctx.User.Identity;
        FormsAuthenticationTicket Ticket = Id.Ticket; // the decrypted authentication ticket
        string[] Roles = Ticket.UserData.Split(','); // the roles stored in UserData at login
        // Wrap the original identity and its roles in a GenericPrincipal representing the
        // current user, so that role checks (User.IsInRole, <allow roles="..."/>) see them
        Ctx.User = new GenericPrincipal(Id, Roles);
    }
}
Database design diagram: