if you don't have many pages, look into location tagHOW TO: Control Authorization Permissions in an ASP.NET Application http://support.microsoft.com/kb/316871otherwise, consider to use an xml to specify the mapping between roles and pages, and write your own authorization HttpModule or verify it in, for example, Application_AuthorizeRequest
类似这样:
public class BasePage : Page
{
#region override members [Permission(Const.System_AllowVisitPage), PrincipalPermission(SecurityAction.Demand, Role=PermissionAttribute.PermissionRole)]
protected override void OnLoad(EventArgs e) {
base.OnLoad (e);
checkAuth();
}
。。protected virtual void checkAuth(string permissionNO)
{
IAOPResult Result=Securitor.Authorize(permissionNO,string.Empty,false);
if(Result.IsFailed)
{
Response.Write("<script>alert('没有授权!')</script>");
Response.End();
}
}
http://support.microsoft.com/kb/316871otherwise, consider to use an xml to specify the mapping between roles and pages, and write your own authorization HttpModule or verify it in, for example, Application_AuthorizeRequest