Role-based permission control in aspnetforums

Source: Internet
Author: User
Original article: http://blog.joycode.com/dotey/archive/2005/02/24/44791.aspx

In aspnetforums, user permissions work much like role-based permission control in Windows. Roles are defined as needed, each role is given its own permissions, and different users are assigned different roles. The permissions a user has, and the operations the user can perform, are determined by the user's roles.

First, look at the database design:
forums_users table: the user table. userid is the primary key and uniquely identifies a user.
forums_roles table: the role table. roleid is the primary key and uniquely identifies a role.
forums_usersinroles table: the user-role mapping table, which stores the roles of each user.
forums_forumpermissions table: the permissions of a role in a forum. It records the operations that each role can perform in each forum.

Next, how a user's operation permissions are determined:
After a user logs on to the forum, information about all forum sections must be obtained and cached, along with the current user's permissions for the operations in each forum (such as posting new posts, voting, and attachments). An operation permission has three states: "permission", "no permission", and "not set". If it is not set, the result depends on the default permission for that operation. A user can belong to multiple roles, and each role has different operation permissions. To determine whether the user has permission for the current operation, traverse all of the user's roles; if any role has the permission, the user has permission for the operation. For the specific implementation, see the source code:
The getforums(forumcontext, int userid, bool ignorepermissions, bool cacheable) method in Components\forums.cs and the dispatch method in Components\provider\forumsdataprovider.cs.
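The resolution rule described above, as an added C# example (not code from aspnetforums or from the original article). The type and member names, the sample role data, and the choice that an explicit "no permission" beats "not set" when no role grants the operation are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical tri-state stored per role, per forum, per operation.
enum AccessState { NotSet, Allow, Deny }

static class PermissionResolver
{
    // Any role with Allow grants the operation (the rule the article states).
    // Assumption: with no Allow, an explicit Deny refuses the operation, and
    // the operation's default applies only when every role is NotSet.
    public static bool CanPerform(IEnumerable<string> userRoles,
                                  IDictionary<string, AccessState> stateByRole,
                                  bool operationDefault)
    {
        bool sawDeny = false;
        foreach (string role in userRoles)
        {
            AccessState state;
            if (!stateByRole.TryGetValue(role, out state))
                continue;                       // no row for this role: NotSet
            if (state == AccessState.Allow)
                return true;                    // one granting role is enough
            if (state == AccessState.Deny)
                sawDeny = true;
        }
        return sawDeny ? false : operationDefault;
    }

    static void Main()
    {
        // Constructed sample: state of a "post" operation in one forum.
        var post = new Dictionary<string, AccessState>
        {
            { "members", AccessState.Deny },
            { "site moderators", AccessState.Allow },
            { "guests", AccessState.NotSet },
        };

        Console.WriteLine(CanPerform(new[] { "members", "site moderators" }, post, false));
        Console.WriteLine(CanPerform(new[] { "members", "guests" }, post, true));
        Console.WriteLine(CanPerform(new[] { "guests" }, post, true));
        Console.WriteLine(CanPerform(new string[0], post, false));
    }
}
```

Because one granting role overrides every other role's setting, adding a user to an extra role can only widen what that user may do; review role membership with that in mind.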

Combining roles with web.config:
ASP.NET has a feature for controlling client access to URL resources (see the description in the QuickStart). It can be configured for the HTTP method used to make the request (GET or POST), and it can allow or deny access to groups of users or roles. aspnetforums uses this feature as well. For example, the Admin directory (pages for administrator operations) and the Moderate directory (pages for moderator operations) each contain a web.config file, through which you can set client access permissions for the URLs in that directory.

Take the configuration in the web.config file in the Admin directory as an example:
<authorization>
    <allow roles="Global Administrators"/>
    <allow roles="site administrators"/>
    <deny users="*"/>
</authorization>
This grants access to the global administrators and site administrators roles. All other users are denied access to the pages in this directory. If you want moderators to be able to access some pages, you can add the following configuration:
<location path="forumadmin.aspx">
    <system.web>
        <authorization>
            <allow roles="Global Administrators"/>
            <allow roles="site administrators"/>
            <allow roles="Global moderators"/>
            <allow roles="site moderators"/>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>
In this way, users who belong to the global moderators or site moderators role can also access the URL /admin/forumadmin.aspx. Note that <deny users="?"/> rejects only anonymous users; when this block is placed in the Admin directory's web.config, authenticated users outside the listed roles are still refused by the directory-level <deny users="*"/>, which is evaluated after the page-specific rules.

Why set the logon user role?
For the specific implementation, see the source code in Components\roles.cs and the article "How to Create a GenericPrincipal Object Using Forms Authentication".
