ASP. NET system user permission Design and Implementation

Abstract Based on the basic concept of RBAC and using the user control technology in ASP. NET, this paper designs a specific implementation method for user permission control in e-commerce systems.
Keywords ASP. NET role access control user control
Introduction
E-commerce systems have high security requirements. The traditional Access Control method DAC (Discretionary Access Control, autonomous Access Control model), MAC (Mandatory Access Control, Mandatory Access Control Model) it is difficult to meet complex enterprise environmental requirements. Therefore, NIST (National Institute of Standards and Technology, National standardization and Technology Commission) proposed a Role-Based Access Control Method in Early 1990s to achieve logical separation of users and access permissions, more in line with the enterprise's user, organization, data and application features. ASP. NET is a new generation of ASP (Active Server Pages) scripting language launched by Microsoft to compete with JSP. It draws on the advantages of JSP and has some new features.
This article first introduces the basic situation of ASP. NET and the basic idea of RBAC (Role Based Access Control). On this basis, it provides a specific method for implementing user permission Control in e-commerce systems.
ASP. NET Overview
1. ASP. NET
ASP. NET is the latest version of Microsoft's popular dynamic WEB programming technology activity Server WEB page (ASP), but it is far from a traditional simple ASP upgrade. The biggest difference between ASP. NET and ASP lies in the transformation of programming thinking. ASP. NET is the real Object-oriented (Object-oriented), not just the enhancement of functions.
In ASP. NET, a Web form page consists of two parts: visual elements (HTML, server controls, and static text) and programming logic of the page. Each part is stored in a separate file. The visible element has. created in the aspx file, and the code is located in a separate class file. This file is called a code hiding class file with the extension. aspx. vb or. aspx. cs. In this way, the. aspx file stores all the elements to be displayed, and the storage logic in the aspx. vb or. aspx. cs file.
2. User Control)
To allow users to easily define controls as needed, ASP. NET introduces the concept of Web forms user controls. In fact, you only need. aspx can be converted to a Web user control with the extension. ascx ,. ascx and. the aspx file also has a code hiding class file that stores logic. The extension is. ascx. vb or. ascx. cs, but it cannot be run as an independent Web form page, only when included in. in the aspx file, the user control can work.