Design and Implementation of ASP. NET System User Permissions (1)

Introduction

E-commerce systems have high security requirements. Traditional Access Control methods include DACDiscretionary Access Control and autonomous Access Control model), MACMandatory Access Control, and mandatory Access Control model) it is difficult to meet complex enterprise environmental requirements. Therefore, NISTNational Institute of Standards and Technology, the National standardization and technical committee of the United States) proposed a Role-Based Access Control Method in Early 1990s to achieve logical separation of users and access permissions, more in line with the enterprise's user, organization, data and application features. ASP. NET is a new-generation ASPActive Server Pages scripting language launched by Microsoft to compete with JSP. It draws on the advantages of JSP and has its own new features.

This article will first introduce the basic idea of ASP. NET system user permission, on this basis, gives a specific method to implement user permission control in the E-commerce system.

ASP. NET Overview

1. ASP. NET

ASP. NET is the latest version of Microsoft's popular dynamic WEB programming technology activity Server WEB page ASP), but it is far from a traditional simple ASP upgrade. The biggest difference between ASP. NET and ASP lies in the transformation of programming thinking. ASP. NET is the real Object-oriented, not just the enhancement of functions.

In ASP. NET, a Web form page consists of two parts: visual elements HTML, server controls, and static text) and the programming logic of the page. Each part is stored in a separate file. The visible element has. created in the aspx file, and the code is located in a separate class file. This file is called a code hiding class file with the extension. aspx. vb or. aspx. cs. In this way, the. aspx file stores all the elements to be displayed, and the storage logic in the aspx. vb or. aspx. cs file.

2. User Control)

To allow users to easily define controls as needed, ASP. NET introduces the concept of Web forms user controls. In fact, you only need. aspx can be converted to a Web user control with the extension. ascx ,. ascx and. the aspx file also has a code hiding class file that stores logic. The extension is. ascx. vb or. ascx. cs, but it cannot be run as an independent Web form page, only when included in. in the aspx file, the user control can work.

Follow these two steps to set a user control on the WEB forms page:

1) Use the @ Register command to Register the user control in the. aspx file. To register the header file headinner. ascx in the relative path "../UserControl/", use the following method:

 
 

  
  
〈%@ Register TagPrefix="Acme"   
  
  
TagName="Head" Src="../UserControl/headinner.ascx" %〉  
 
 

2) Declare the user control element between the start mark and end mark of the server control (<form runat = server> </form>. For example, to declare the preceding imported control Syntax:

 
 

  
  
〈Acme: Head runat="server"/ 〉  
 
 

In this way, the control becomes a part of the page and will be displayed when processing the page. In addition, the Public attributes, events, and methods of the control will be made public to the Web forms page and can be used programmatically. Based on this principle, You can encapsulate the operations to be performed during page initialization, such as logon verification and role verification, in the user control.

RBAC Basic Ideas

The basic idea of RBAC role access control can be simply expressed in Figure 1, that is, the entire ASP. the process of user permission access control in the. NET system is divided into two steps: the access permission is associated with the role, and the role is associated with the user, thus realizing the logical separation of the user and access permission.

RBAC achieves logical separation between users and access permissions, which greatly facilitates permission management. For example, if a user's position changes, you only need to remove the current role of the user and add the role representing the new position or new task, changes Between roles and permissions are much slower than changes between roles and user relationships. Assigning a user to a role does not require many techniques and can be performed by administrative staff, however, configuring permissions to roles is complicated and requires some technical skills, which can be undertaken by dedicated technical personnel, but users are not assigned permissions, this is exactly the same as in reality.