Permission Design Based on Membership System Roles, Users, and Resources in ASP.NET 2.0

Source: Internet
Author: User

Most systems need to assign permissions to users and roles, so today I would like to summarize my approach.
First, my user management system is built on Microsoft's Membership, so it must be installed and configured in the system first. For the installation method, see "how to configure and install membership". I will not go into details here.
My structure is as follows:
Tables:
Membership already provides the user and role tables (aspnet_roles, aspnet_membership, aspnet_users) and other auxiliary tables, and my design is built on them. Because user attributes differ from system to system, you need to create your own "user information table". This table must be associated with the aspnet_membership table, which solves the problem of changing user information in the system. The aspnet_usersinroles table in Membership already associates users with roles, so we don't have to worry about that.
General idea:
To allow flexible, real-time online configuration of user permissions later on, users are not mapped directly to resources (a resource can be understood simply as a web page in the system). Roles are mapped directly to resources, and the mapping between roles and resources is configured in an XML file. For the relationship between users and roles, Membership already provides many powerful methods, so the whole membership management system becomes simple and easy to maintain.
Most system back ends use a top frame and a bottom frame, with the middle split into a left and a right frame. The left frame generally holds the system's management links. I use the PanelBar control together with an XML file for this (see "how to use the PanelBar control in .NET systems"). The content of the XML file is loaded dynamically according to the role of the currently logged-in user, which makes it easy to bind resources to roles dynamically.
[Figure: PanelBar effect]
[Figure: Role management diagram]
[Figure: User configuration diagram under a role]

Partial code:
Part of the XML file loaded by the PanelBar:
Note: the userdatastring attribute corresponds to the role name.
Each entry (both groups and detail items) has a userdatastring attribute, and userdatastring corresponds to a role in Membership.
If the userdatastring attribute of a group is empty, the group is a public group and every role can enter it.
If the userdatastring attribute of a detail item is empty, any role that can enter the group can manage that item.
You can configure permissions flexibly by combining the userdatastring of the group with the userdatastring of the detail items.
    <Group caption="User basic information management" userdatastring="User basic information management">
        <Item caption="Basic Data Maintenance" iconimage="/item.gif" target="Main" url="#" userdatastring=""/>
        <Item caption="Password Change" iconimage="/item.gif" target="Main" url="#" userdatastring=""/>
    </Group>
    <Group caption="system basic data management" userdatastring="system basic data management">
        <Item caption="provincial, municipal, and county data management" iconimage="/item.gif" target="Main" url="#" userdatastring=""/>
        <Item caption="project-type data management" iconimage="/item.gif" target="Main" url="#" userdatastring=""/>
        <Item caption="company Department data management" iconimage="/item.gif" target="Main" url="#" userdatastring=""/>
    </Group>
    <Group caption="announcement management" userdatastring="announcement management">
        <Item caption="Publish announcement" iconimage="/item.gif" target="Main" url="#" userdatastring=""/>
        <Item caption="Management announcement" iconimage="/item.gif" target="Main" url="#" userdatastring=""/>
    </Group>
    <Group caption="System Management" userdatastring="System Management">
        <Item caption="role management" iconimage="/item.gif" target="Main" url="Membership/role_add.aspx" userdatastring=""/>
        <Item caption="database backup" iconimage="/item.gif" target="Main" url="backdata.aspx" userdatastring=""/>
    </Group>
After a user logs in, the XML file is loaded dynamically and only the resource items that belong to the current user's roles are kept:

    /// <summary>
    /// Filter the PanelBar groups by the roles of the current logon user
    /// </summary>
    /// <param name="roles">role list</param>
    private void BindGuData(string[] roles)
    {
        if (roles.Length > 0) // the current logon user has at least one role
        {
            string tmpUData = "";
            object myTmpO;
            for (int i = 0; i < this.PanelBar1.Groups.Count; i++)
            {
                myTmpO = this.PanelBar1.Groups[i].UserData;
                if (myTmpO != null)
                {
                    tmpUData = myTmpO.ToString().Trim();
                }
                else
                {
                    tmpUData = "";
                }
                if (tmpUData != "") // not a public module: the group requires a role
                {
                    if (!Common.CommonOther.CheckArray(roles, tmpUData)) // check whether the user has permission for this group
                    {
                        this.PanelBar1.Groups.Remove(i); // remove the group if not
                        i = -1; // indexes have shifted, so restart the scan from the first group
                    }
                    else // the user has the group permission, so check its detail items
                    {
                        this.CommonItems(this.PanelBar1.Groups[i].Items, roles);
                    }
                }
                else // public module: check its detail items
                {
                    this.CommonItems(this.PanelBar1.Groups[i].Items, roles);
                }
            }
        }
        else // the user has no roles: clear everything
        {
            this.PanelBar1.Groups.Clear();
        }
    }

    /// <summary>
    /// Detailed permission control
    /// </summary>
    /// <param name="itemss">permission group sequence</param>
    /// <param name="roles">checked user permissions</param>
    private void CommonItems(Coalesys.PanelBar.Items itemss, string[] roles)
    {
        string tmpUData2 = "";
        object tmpO;
        for (int j = 0; j < itemss.Count; j++)
        {
            tmpO = itemss[j].UserData;
            if (tmpO != null)
            {
                tmpUData2 = tmpO.ToString().Trim();
            }
            else
            {
                tmpUData2 = "";
            }
            if (tmpUData2 != "") // the item has detailed permission control
            {
                if (!Common.CommonOther.CheckArray(roles, tmpUData2)) // check whether the user has permission for this item
                {
                    itemss.Remove(j); // remove the item if not
                    j = -1; // indexes have shifted, so restart the scan from the first item
                }
            }
        }
    }

Call it when the user enters the back end, on the first page load:

    if (!this.IsPostBack)
    {
        BindPannelBar(); // load the PanelBar control. For details, see "use of the Coalesys PanelBar for ASP.NET control".
        BindGuData(Roles.GetRolesForUser()); // call the function I wrote above.
    }
OK. The membership architecture above is fairly general: you can use it in any member management system, and it is also very convenient for later management and maintenance.
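
The filtering above only hides menu entries; a page such as Membership/role_add.aspx is still reachable by its URL unless the server also checks the role on every request. An added example (not the author's code) that reuses the same XML rules for that check, assuming a `<Menu>` root element, a hypothetical `MenuAcl` class, a constructed `Account/password.aspx` URL and a constructed `Backup Operator` role:

```csharp
using System;
using System.Xml;

// Added example: server-side check against the same menu XML (names are assumptions).
static class MenuAcl
{
    // Constructed sample; the <Menu> root, one URL and one role are made up for illustration.
    const string SampleXml = @"<Menu>
  <Group caption='User basic information management' userdatastring=''>
    <Item caption='Password Change' url='Account/password.aspx' userdatastring=''/>
  </Group>
  <Group caption='System Management' userdatastring='System Management'>
    <Item caption='role management' url='Membership/role_add.aspx' userdatastring=''/>
    <Item caption='database backup' url='backdata.aspx' userdatastring='Backup Operator'/>
  </Group>
</Menu>";

    static bool HasRole(string[] roles, string required)
    {
        required = required.Trim();
        if (required == "") return true;             // empty = no restriction at this level
        return Array.IndexOf(roles, required) >= 0;  // exact role-name match
    }

    // True only if the URL is listed and both its group rule and its item rule pass.
    public static bool IsAllowed(XmlDocument menu, string url, string[] roles)
    {
        if (roles.Length == 0) return false;         // mirrors the page: no roles, nothing shown
        foreach (XmlElement item in menu.SelectNodes("//Group/Item"))
        {
            if (!string.Equals(item.GetAttribute("url"), url, StringComparison.OrdinalIgnoreCase))
                continue;
            XmlElement grp = (XmlElement)item.ParentNode;
            return HasRole(roles, grp.GetAttribute("userdatastring"))
                && HasRole(roles, item.GetAttribute("userdatastring"));
        }
        return false;                                // not in the menu: deny by default
    }

    static void Main()
    {
        XmlDocument menu = new XmlDocument();
        menu.LoadXml(SampleXml);
        string[] roles = { "System Management" };
        Console.WriteLine(IsAllowed(menu, "Membership/role_add.aspx", roles)); // group role held
        Console.WriteLine(IsAllowed(menu, "backdata.aspx", roles));            // item role missing
        Console.WriteLine(IsAllowed(menu, "Account/password.aspx", roles));    // public group
    }
}
```

In a page base class the same call would take the requested path and `Roles.GetRolesForUser()`, and the request would be rejected when it returns false.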


Article source (web development technology knowledge base): http://cn-web.com/cnweb/0/464/article/
