I recently started trying to use the ASP.NET 4 Membership and Role providers in my web applications. But I'm having problems implementing a good security methodology.
I understand that using web.config files we can grant or deny access to certain aspx files, but is there any good built-in way to deny access to a specified Role under certain circumstances?
For example:
We have a page called "EditUser.aspx".
We have two user types: administrators and standard users. This page is used to edit both types. However, only administrators should be able to edit other administrators.
What is the best approach to stop an authenticated user without the 'admin' role from being able to edit an administrator via EditUser.aspx?
I'm hoping for something a bit more elegant than the below:
// editUser is the user being edited; User is the authenticated caller (the principal for the current request)
if (editUser.IsInRole("admin") && !User.IsInRole("admin"))
{
    Response.Redirect("SomeAccessDeniedPage.aspx");
}
Thanks,
Phil
One thing to consider is to use the LoginView server control with the RoleGroups element. Maybe bind the admin users in a separate gridview and wrap that in a LoginView set to only display to users in the admin role.
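An added example (not code from the question or the answer) of the LoginView/RoleGroups approach the answer describes, combined with the server-side role check the question already performs, as one self-contained Web Forms page. The file name EditUser.aspx, the role name "admin", the UserName query-string parameter, and the control IDs AdminView, AdminUsersGrid and StandardUsersGrid are assumptions made for illustration; Roles.IsUserInRole, Roles.GetUsersInRole and the LoginView control are the real System.Web.Security / System.Web.UI.WebControls APIs.

```aspx
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<script runat="server">
    // Assumed role name; change to match the roles configured in web.config.
    private const string AdminRole = "admin";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Server-side check first. The LoginView below only decides what markup is
        // rendered; it does nothing to stop a request such as
        // EditUser.aspx?UserName=<some admin> typed directly by a non-admin.
        // "UserName" is an assumed query-string parameter.
        string editedUser = Request.QueryString["UserName"];
        if (!string.IsNullOrEmpty(editedUser))
        {
            bool targetIsAdmin = Roles.IsUserInRole(editedUser, AdminRole);
            bool callerIsAdmin = User.IsInRole(AdminRole);
            if (targetIsAdmin && !callerIsAdmin)
            {
                // Refuse with 403 rather than redirecting: the refusal is visible
                // in the IIS log as a distinct status code.
                Response.StatusCode = 403;
                Response.End();
                return;
            }
        }

        if (IsPostBack)
        {
            return;
        }

        // The admin grid lives inside the RoleGroup template, so it only exists
        // when the LoginView instantiated that template for an admin caller.
        // FindControl returns null for everyone else, which is the intended path.
        GridView adminGrid = AdminView.FindControl("AdminUsersGrid") as GridView;
        if (adminGrid != null)
        {
            adminGrid.DataSource = Roles.GetUsersInRole(AdminRole);
            adminGrid.DataBind();
        }

        // Standard users are listed for every authenticated caller.
        StandardUsersGrid.DataSource = Membership.GetAllUsers();
        StandardUsersGrid.DataBind();
    }
</script>

<html>
<body>
<form id="form1" runat="server">

    <h2>Standard users</h2>
    <asp:GridView ID="StandardUsersGrid" runat="server" AutoGenerateColumns="false">
        <Columns>
            <asp:BoundField DataField="UserName" HeaderText="User" />
            <asp:BoundField DataField="Email" HeaderText="Email" />
        </Columns>
    </asp:GridView>

    <%-- RoleGroups are evaluated before LoggedInTemplate: the first group whose
         Roles attribute matches the caller wins. Callers in no listed role fall
         through to LoggedInTemplate, anonymous callers to AnonymousTemplate. --%>
    <asp:LoginView ID="AdminView" runat="server">
        <RoleGroups>
            <asp:RoleGroup Roles="admin">
                <ContentTemplate>
                    <h2>Administrators</h2>
                    <asp:GridView ID="AdminUsersGrid" runat="server" AutoGenerateColumns="false">
                        <Columns>
                            <asp:TemplateField HeaderText="Administrator">
                                <ItemTemplate>
                                    <%-- Container.DataItem is a user name string from Roles.GetUsersInRole --%>
                                    <a href='<%# "EditUser.aspx?UserName=" + HttpUtility.UrlEncode((string)Container.DataItem) %>'>
                                        <%# HttpUtility.HtmlEncode((string)Container.DataItem) %>
                                    </a>
                                </ItemTemplate>
                            </asp:TemplateField>
                        </Columns>
                    </asp:GridView>
                </ContentTemplate>
            </asp:RoleGroup>
        </RoleGroups>
        <LoggedInTemplate>
            <%-- Non-admin callers see no administrator list at all. --%>
        </LoggedInTemplate>
        <AnonymousTemplate>
            <p>Please log in.</p>
        </AnonymousTemplate>
    </asp:LoginView>

</form>
</body>
</html>
```

The LoginView keeps the admin-only UI out of the page for non-admins, which is the convenience the answer is after, but the decision that matters is the one in Page_Load: whether the caller may act on the named target user. Putting that check before any data binding means a non-admin who reaches the page with an admin's name in the query string gets a 403 before anything about that account is rendered.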