Some time ago I saw the friendev open-source project by Microsoft in China and found that they had a way to manage user permissions. First, create several directories on the website that require permission to access, and then create a directory that can be accessed without permission. For example, member management pages that require permission go in Member, and public pages go in Public.
Add an empty project named stbusiness and add an AuthenticationModule class to it. Then create an ApplicationSettings.cs class to record file paths and constants, and have the AuthenticationModule class implement the IHttpModule interface.
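using System;
using System.Web;

public class AuthenticationModule : IHttpModule
{
    public void Dispose() { } // required by IHttpModule; nothing to release
}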
Add the initialization method to the class:
public void Init(HttpApplication context)
{
    // Run the check once session state is available for the request
    context.AcquireRequestState += new EventHandler(context_AcquireRequestState);
}
Add the handler that performs the check:
private void context_AcquireRequestState(object sender, EventArgs e)
{
    HttpContext context = HttpContext.Current;
    string path = context.Request.Path.ToLower();
    // Only process .aspx files, because other files cannot obtain the Session object
    // and so cannot determine whether the user has logged in
    if (path.EndsWith(".aspx"))
    {
        // IsCurrentUserLogined returns false if the user has not logged in
        if (!UserRules.Instance.IsCurrentUserLogined)
        {
            // Do not check files in the public folder or in the root directory
            if (path.StartsWith("/" + ApplicationSettings.PublicFolderName + "/") == false && !(path.LastIndexOf("/") == 0))
            {
                // Redirect to the home page of the public area
                context.Response.Redirect(ApplicationSettings.PublicLogoutFilename, false);
                context.ApplicationInstance.CompleteRequest();
            }
        }
        else // Logged in: check whether this is user 587 or an ordinary user
        {
            if (path.ToLower() == ApplicationSettings.memberae.ToLower() || path == ApplicationSettings.memberse.ToLower())
            {
                if (context.Session[ApplicationSettings.SessionUserIdKey].ToString() != "587")
                {
                    // Redirect to the original page
                    context.Response.Redirect(ApplicationSettings.memberstm, false);
                    context.ApplicationInstance.CompleteRequest();
                }
            }
        }
    }
}
In the preceding code, UserRules.Instance.IsCurrentUserLogined is used to check whether the user has logged in.
Add the UserRules class. It is implemented as a singleton; the code is as follows:
public class UserRules
{
    private static UserRules _instance;

    // Single shared instance, created on first use
    public static UserRules Instance
    {
        get
        {
            if (_instance == null)
            {
                _instance = new UserRules();
            }
            return _instance;
        }
    }

    // Private constructor so the class can only be reached through Instance
    private UserRules()
    {
    }
}
Then add the IsCurrentUserLogined property to the UserRules class:
public bool IsCurrentUserLogined
{
    get
    {
        // The user counts as logged in once "uid" has been stored in the session
        if (HttpContext.Current.Session["uid"] == null)
        {
            return false;
        }
        return true;
    }
}
The last step is to register the module in Web.config:
<httpModules>
    <add name="AuthenticationModule" type="stbusiness.AuthenticationModule, stbusiness"/>
</httpModules>
In this way, the simplest user permission management function is completed, and it is a good solution for small and simple websites.
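
The module's checks can be exercised without IIS by pulling the decision into a pure function and running it over sample requests. The following is an added example, not code from the original post: the AccessPolicy class, the Access enum and the constant values standing in for ApplicationSettings are assumptions, since the post never shows that class.

```csharp
using System;

// Added example: the module's rules as a pure function that runs outside IIS.
public enum Access { Allow, RedirectToPublic, RedirectToMember }

public static class AccessPolicy
{
    // Constructed stand-ins for ApplicationSettings values (not shown in the post).
    const string PublicFolderName = "public";
    const string MemberAe = "/member/ae.aspx";
    const string MemberSe = "/member/se.aspx";
    const string AdminUserId = "587"; // the user id the post checks for

    // userId is null when nobody is logged in (Session["uid"] == null).
    public static Access Decide(string requestPath, string userId)
    {
        string path = requestPath.ToLowerInvariant();
        // As in the post, only .aspx requests are checked at all.
        if (!path.EndsWith(".aspx", StringComparison.Ordinal)) return Access.Allow;

        if (userId == null)
        {
            // Anonymous users may only reach the public folder and root-level pages.
            bool inPublic = path.StartsWith("/" + PublicFolderName + "/", StringComparison.Ordinal);
            bool inRoot = path.LastIndexOf('/') == 0;
            return (inPublic || inRoot) ? Access.Allow : Access.RedirectToPublic;
        }

        // Logged-in users: the two restricted pages are reserved for user 587.
        bool restricted = path == MemberAe || path == MemberSe;
        return (restricted && userId != AdminUserId) ? Access.RedirectToMember : Access.Allow;
    }

    public static void Main()
    {
        // Constructed sample requests: path plus logged-in user id (null = anonymous).
        var cases = new (string Path, string User)[]
        {
            ("/Default.aspx", null), ("/Public/Login.aspx", null),
            ("/Member/List.aspx", null), ("/Member/logo.png", null),
            ("/Member/AE.aspx", "42"), ("/Member/AE.aspx", "587"),
        };
        foreach (var c in cases)
            Console.WriteLine($"{c.Path,-20} user={c.User ?? "(none)",-6} -> {Decide(c.Path, c.User)}");
    }
}
```

Keeping the rules in one function like this lets a unit test pin down every path and role combination before the module is registered in Web.config.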