Design and Implementation of User Permissions in an ASP.NET System

Source: Internet
Author: User

Based on the basic idea of RBAC and using the user control technology in ASP.NET, this paper designs a concrete method for implementing user permission control in an e-commerce system.

Keywords: ASP.NET; role; access control; user control

Introduction

E-commerce systems have high security requirements, and the traditional access control methods, DAC (Discretionary Access Control) and MAC (Mandatory Access Control), have difficulty meeting the requirements of complex enterprise environments. As a result, NIST (the U.S. National Institute of Standards and Technology) proposed a role-based access control approach in the early 1990s. It achieves a logical separation of users and access rights and is a better fit for the characteristics of enterprise users, organizations, data, and applications. ASP.NET is the new generation of the ASP (Active Server Pages) scripting language, introduced by Microsoft in order to contend with JSP; it borrows the advantages of JSP and also has its own characteristics.

This paper first introduces the basics of ASP.NET and the basic idea of RBAC (Role-Based Access Control), and on that basis gives a concrete method for implementing user permission control in an e-commerce system.

ASP.NET Overview

1. ASP.NET

ASP.NET is the latest version of Microsoft's popular dynamic Web programming technology, Active Server Pages (ASP), but it is far from a simple upgrade of traditional ASP. The biggest difference between ASP.NET and ASP is a change in programming mindset: ASP.NET is truly object-oriented, not just a feature enhancement.

In ASP.NET, Web Forms pages are made up of two parts: visual elements (HTML, server controls, and static text) and the programming logic for the page. Each of these parts is stored in a separate file. The visual elements are created in a file with the extension .aspx, and the code is in a separate class file, called the code-behind class file, with the extension .aspx.vb or .aspx.cs. In this way, the .aspx file holds all the elements to be displayed, and the .aspx.vb or .aspx.cs file holds the logic.

2. User control (UserControl)

To let developers easily define controls as needed, ASP.NET introduces the concept of Web Forms user controls. In fact, an .aspx page can be converted into a Web user control, which has the extension .ascx. Like .aspx files, .ascx files also have a code-behind class file, with the extension .ascx.vb or .ascx.cs. The difference is that a user control cannot run as a standalone Web Forms page; it works only when it is included in an .aspx file.

Use the following two steps to set up a user control in a Web Forms page:

(1) Register the user control in the .aspx file using the @ Register directive. For example, to register the header control headinner.ascx located under the relative path "../usercontrol/", use:

<%@ Register TagPrefix="Acme" TagName="Head" Src="../usercontrol/headinner.ascx" %>

(2) Declare the user control element between the opening and closing tags of the server control ( ). For example, the syntax to declare the control registered above is:

In this way, the control becomes part of the page and is rendered when the page is processed. The control's public properties, events, and methods are also exposed to the Web Forms page and can be used programmatically. Based on this principle, the actions that must be performed on every page initialization (such as logon verification and role validation) are encapsulated in the user control.

The basic idea of RBAC

The basic idea of RBAC (role-based access control) can be represented by a simple diagram: the whole access control process is divided into two steps. Access rights are associated with roles, and roles are associated with users, which achieves the logical separation of users and access rights.

Because RBAC logically separates users from access rights, it makes permission management very convenient. For example, if a user's position changes, you only need to remove the user's current role and add the user to a role that represents the new job or task. The relationship between roles and permissions changes much more slowly than the relationship between roles and users, and assigning users to roles does not require much technical skill, so it can be performed by administrators. Configuring permissions for roles is more complex and requires some technical skill, so it can be handled by specialized technical staff, who are not given the authority to assign users to roles. This matches how things work in practice.

Design and implementation of user permissions in .NET

With .NET, the basic idea of implementing permission control is as follows: following the basic principle of role-based access control (RBAC), each user is assigned a role and each role corresponds to a set of permissions. The user control (UserControl) in ASP.NET is then used to determine whether the user's role has the right to access the page.
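
An added example (not code from the original article) of the approach described above: the code-behind of a user control that performs logon verification and role validation during initialization of every page that includes it. The RbacStore class, the session key "UserName", the ~/login.aspx path, and the sample users, roles and pages are assumptions; a page would declare the control as <Acme:Head runat="server" /> after the @ Register directive shown earlier.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;

// Hypothetical in-memory RBAC tables (constructed sample data); a real
// system would load the user-role and role-permission mappings from a database.
public static class RbacStore
{
    static readonly StringComparer Cmp = StringComparer.OrdinalIgnoreCase;

    // Role -> permissions; a permission here is an app-relative page path.
    static readonly Dictionary<string, HashSet<string>> RolePages =
        new Dictionary<string, HashSet<string>>(Cmp) {
            { "Buyer", new HashSet<string>(Cmp) { "~/order/list.aspx" } },
            { "Admin", new HashSet<string>(Cmp) { "~/order/list.aspx", "~/admin/users.aspx" } }
        };

    // User -> roles; users never hold permissions directly.
    static readonly Dictionary<string, string[]> UserRoles =
        new Dictionary<string, string[]>(Cmp) {
            { "alice", new[] { "Buyer" } },
            { "bob", new[] { "Buyer", "Admin" } }
        };

    public static bool CanAccess(string user, string page)
    {
        string[] roles;
        if (user == null || !UserRoles.TryGetValue(user, out roles)) return false;
        foreach (string role in roles)
        {
            HashSet<string> pages;
            if (RolePages.TryGetValue(role, out pages) && pages.Contains(page)) return true;
        }
        return false; // deny by default: unknown user, role or page
    }
}

// Code-behind for the user control (headinner.ascx.cs in this sketch).
public class HeadInner : UserControl
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        string user = Session["UserName"] as string; // assumed to be set at logon
        if (user == null)
            Response.Redirect("~/login.aspx", true); // ends the request here
        if (!RbacStore.CanAccess(user, Request.AppRelativeCurrentExecutionFilePath))
        {
            Response.StatusCode = 403;
            Response.End(); // stop before the host page's own logic runs
        }
    }
}
```

Because the check lives in the control, a page that omits the control is not protected, so every restricted page must include it.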
