
prevent pages in web.config according to user member

Developer https://www.devze.com 2023-02-04 03:21 Source: Internet

I am using custom user membership in ASP.NET so user is an object that contains members. One of the user's members is "IsCompanyAdmin". I have a few aspx pages for company administrators only. Is there any way to prevent those pages from non-administrator users using the web.config?


In ASP.NET, the standard fare for restricting access to pages in the config is the location element.

The following example will restrict anyone except users who are in the Admin role. However, this assumes that you have a RoleProvider configured.

<location path="RestrictedPage.aspx">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
</location>

There are several examples of how to implement your own custom role provider, but if you can get away with it, then I would use the built-in SqlRoleProvider.


If I am understanding your problem correctly, you don't have to have a role in the database.

What you can do is, in your CustomRoleProvider's GetRolesForUser method, return a string[] that will contain roles depending on your user. The authorization module will be using these roles. So say your property IsCompanyAdmin="true", then you add "Admin" to the string[].

Then the location suggestion provided by Josh should work as if you have an "Admin" role in the database.
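
A sketch of the role provider described in the answer above, added here as an example and not code from the original posts. `CompanyUser`, `CompanyRoleProvider` and the `FindUser` delegate are hypothetical names; the delegate stands in for however the application loads its custom user object.

```csharp
using System;
using System.Web.Security;

// Hypothetical stand-in for the question's custom user object.
public class CompanyUser
{
    public string UserName { get; set; }
    public bool IsCompanyAdmin { get; set; }
}

public class CompanyRoleProvider : RoleProvider
{
    // Must match the role named in <allow roles="Admin" />.
    private const string AdminRole = "Admin";

    // Assumption: assigned once in Application_Start to the app's own user lookup.
    public static Func<string, CompanyUser> FindUser = name => null;

    public override string ApplicationName { get; set; }

    public override string[] GetRolesForUser(string username)
    {
        CompanyUser user = FindUser(username);
        // Fail closed: unknown users and non-admins get no roles,
        // so the <deny users="*" /> rule applies to them.
        return (user != null && user.IsCompanyAdmin)
            ? new[] { AdminRole }
            : new string[0];
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        return Array.IndexOf(GetRolesForUser(username), roleName) >= 0;
    }

    public override bool RoleExists(string roleName) { return roleName == AdminRole; }
    public override string[] GetAllRoles() { return new[] { AdminRole }; }

    // Roles are derived from the user object, so role management is not supported.
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
}
```

The provider only takes effect once it is registered under `<roleManager enabled="true">` in web.config and selected as the default provider. Returning an empty array for a user that cannot be found keeps the restricted pages denied when the lookup fails.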
