With forms-based authentication, the access permissions of users and roles are configured in web.config:
<configuration>
<system.web>
<authentication mode="Forms"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
If the permissions of users and roles have to be configured dynamically, what should I do? Do I have to modify web.config from the program by hand, following the XML file's format? Or is there some other, more convenient class for modifying it?
' Global.asax (VB.NET). The Sub header is missing from the post; it is assumed to be
' Application_AuthenticateRequest, the same event the C# version below handles.
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    If Not (HttpContext.Current.User Is Nothing) Then
        If HttpContext.Current.User.Identity.AuthenticationType = "Forms" Then
            ' The forms authentication module has already validated the ticket; reuse its identity
            Dim id As System.Web.Security.FormsIdentity
            id = CType(HttpContext.Current.User.Identity, System.Web.Security.FormsIdentity)
            ' Roles are hard-coded here for illustration; a real application loads them per user
            ' (the C# version below carries them in the ticket's UserData). Two roles need a
            ' two-element array, i.e. an upper bound of 1, not 2.
            Dim MyRoles(1) As String
            MyRoles(0) = "Manager"
            MyRoles(1) = "Admin"
            ' Replace the principal so that IsInRole and <allow roles="..."/> see these roles
            HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, MyRoles)
        End If
    End If
End Sub
<!-- web.config fragment as posted; the rest of the element was omitted ("省") in the original.
     The name set here is what FormsAuthentication.FormsCookieName returns in the code below. -->
<authentication mode="Forms">
<forms name=".ASPXCOOKIEAUTH" path="/" />
</authentication>
// Global.asax.cs: rebuild the principal from the forms ticket on every request.
// Requires: using System; using System.Web; using System.Web.Security; using System.Security.Principal;
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // Extract the forms authentication cookie (it holds the encrypted ticket)
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];
    if (null == authCookie)
    {
        // There is no authentication cookie: the request stays anonymous.
        return;
    }
    FormsAuthenticationTicket authTicket = null;
    try
    {
        // Decrypt also validates the ticket's MAC (protection="All" is the default),
        // so a cookie the client tampered with either throws or comes back null
        // instead of yielding roles the client chose for itself.
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        // Log exception details (omitted for simplicity)
        return;
    }
    if (null == authTicket || authTicket.Expired)
    {
        // Cookie failed to decrypt, or the ticket is past its expiration.
        // Decrypt does not check Expired for you, so do it here.
        return;
    }
    // When the ticket was created, the UserData property was assigned a
    // pipe-delimited string of role names. The ticket has been verified, so
    // UserData is the authenticated user's role list.
    string[] roles = authTicket.UserData.Split(new char[] { '|' });
    // Create an Identity object from the ticket
    FormsIdentity id = new FormsIdentity(authTicket);
    // This principal will flow throughout the request.
    GenericPrincipal principal = new GenericPrincipal(id, roles);
    // Attach the new principal object to the current HttpContext object
    Context.User = principal;
}
// The following code goes in the login page, after the credentials have been
// verified against the user store.
private void Signin(string username, int role)
{
    string aRole = "guest";
    if (role == 1) aRole = "member"; // member
    if (role == 2) aRole = "admin";  // administrator
    // Build the role-carrying authentication ticket (it travels in a cookie)
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                            // version
        username,                     // user name that Identity.Name will report
        DateTime.Now,                 // creation time of the ticket
        DateTime.Now.AddMinutes(40),  // expiration time of the ticket
        false,                        // persistent: false = session cookie, true = survives closing the browser
        aRole);                       // user data: the role list read back in Application_AuthenticateRequest
                                      // (several roles would be joined with '|')
    // Encrypt and sign the ticket and store it in the forms authentication cookie
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authCookie.HttpOnly = true; // keep client-side script from reading the ticket
    // For a persistent cookie, set its lifetime before saving it:
    // authCookie.Expires = DateTime.Now.AddDays(3);
    Response.Cookies.Add(authCookie);
    // Send the user back to the URL requested before the login redirect.
    // Only accept a local path: redirecting to whatever ReturnUrl holds would let
    // a crafted login link send the user on to an attacker's site (open redirect).
    string returnUrl = Request["ReturnUrl"];
    if (!string.IsNullOrEmpty(returnUrl)
        && returnUrl.StartsWith("/")
        && !returnUrl.StartsWith("//")
        && !returnUrl.StartsWith("/\\"))
    {
        Response.Redirect(returnUrl);
    }
    else
    {
        Response.Redirect("/office/");
    }
}
// In web.config:
<!-- set secure paths -->
<location path="office">
<system.web>
<authorization>
<allow roles="member"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="admin">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
This section of web.config configures which URLs a role may access. How can I configure dynamically which URLs a role may access?

Here, pages under the office subdirectory may only be accessed by users in the member role, and pages under the admin subdirectory only by users in the admin role. The question now is: how do I define which paths allow which roles? By reading and writing the web.config file as an XML document?
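One way to answer both the `<location>` configuration above and this closing question without editing web.config at run time, as an added example that is not code from the thread: keep the path-to-roles rules in a table the application owns (loaded from the users/roles database in a real deployment) and evaluate them in code against the principal that Application_AuthenticateRequest built. The rule table, the user names and the class name PathAuthorizer are made up for the demo, and GenericIdentity stands in for the FormsIdentity the web application would have.

```csharp
// Added example, not from the original thread: replaces the static <location>
// sections with a role/path table that can be changed at run time.
// The rule table, the sample users and the path names are constructed for the demo.
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class PathAuthorizer
{
    // Rule: "every request whose path starts with Key needs one of the roles in Value".
    // In a real application this list is loaded from the database and refreshed when an
    // administrator changes it, instead of editing <location> elements in web.config.
    private static readonly List<KeyValuePair<string, string[]>> Rules =
        new List<KeyValuePair<string, string[]>>
        {
            new KeyValuePair<string, string[]>("/office/", new[] { "member", "admin" }),
            new KeyValuePair<string, string[]>("/admin/",  new[] { "admin" }),
        };

    // Mirrors the answer above: the role list travels in the ticket's UserData as a
    // pipe-delimited string and becomes the principal's roles (hypothetical helper;
    // in Global.asax the identity would be a FormsIdentity built from the ticket).
    public static IPrincipal PrincipalFromTicket(string userName, string userData)
    {
        string[] roles = string.IsNullOrEmpty(userData) ? new string[0] : userData.Split('|');
        return new GenericPrincipal(new GenericIdentity(userName, "Forms"), roles);
    }

    // Anonymous users are always refused (<deny users="?"/>). Inside a covered prefix only
    // the listed roles pass (<allow roles=.../> followed by <deny users="*"/>), and the
    // longest matching prefix wins. A path no rule covers is open to authenticated users.
    public static bool IsAllowed(IPrincipal user, string path)
    {
        if (user == null || !user.Identity.IsAuthenticated)
            return false;

        // Compare directory prefixes with a trailing slash so "/admin" does not
        // accidentally cover "/administrator"; appending "/" to a file path is harmless.
        string normalized = path.ToLowerInvariant();
        if (!normalized.EndsWith("/")) normalized += "/";

        string[] required = null;
        int bestLength = -1;
        foreach (KeyValuePair<string, string[]> rule in Rules)
        {
            if (normalized.StartsWith(rule.Key) && rule.Key.Length > bestLength)
            {
                bestLength = rule.Key.Length;
                required = rule.Value;
            }
        }
        if (required == null)
            return true;

        foreach (string role in required)
            if (user.IsInRole(role))
                return true;
        return false;
    }

    // In Global.asax this check belongs in Application_AuthorizeRequest, which runs after
    // the principal was attached in Application_AuthenticateRequest; on a refusal the
    // handler would set Response.StatusCode = 401 and end the response.
    public static void Main()
    {
        IPrincipal member = PrincipalFromTicket("alice", "member");
        IPrincipal admin  = PrincipalFromTicket("bob", "member|admin");
        IPrincipal guest  = new GenericPrincipal(new GenericIdentity(""), new string[0]); // anonymous

        Console.WriteLine("member -> /office/report.aspx : " + IsAllowed(member, "/office/report.aspx"));
        Console.WriteLine("member -> /admin/users.aspx   : " + IsAllowed(member, "/admin/users.aspx"));
        Console.WriteLine("admin  -> /admin/users.aspx   : " + IsAllowed(admin, "/admin/users.aspx"));
        Console.WriteLine("guest  -> /office/            : " + IsAllowed(guest, "/office/"));
    }
}
```

Keep the `<deny users="?"/>` line in web.config even with this table in place: it is a backstop that stops anonymous requests before any page runs if the authorize handler is ever left out or misregistered, and the table then only has to decide which authenticated roles a path accepts.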