要求:
using System.Web.Security
using System.Security.Principal
[Principal]:安全主体——即附加在当前请求上的 IPrincipal 对象,由用户身份(Identity)加上其角色组成;下面 Global.asax 里正是把 GenericPrincipal(id, roles) 赋给 Context.User,之后各目录 web.config 的 &lt;authorization&gt; 就按它的角色做判断。
==================================
目录
+admin1
-default.aspx
-web.config //web.config#1
+admin2
-default.aspx
-web.config//web.config#2
+bin
-web.config//web.config#root
-login.aspx
==========================
目的:
admin1文件夹:只有role是administrator可以访问.
admin2文件夹:只有role是controler可以访问.
帐号,密码,角色应存储在特定数据库中.(注意:本例为了演示,login.aspx 里只是按用户名硬编码角色,而且完全没有校验密码——任何人输入 caca 就会得到 administrator 票据;真实系统必须先查库验证口令,通过后再签发票据.)
本例目的(其他道理相同):
caca是administrator
wawa是controler
所以caca可以访问admin1,不能访问admin2;wawa反之.
==========================
配置:
(1)web.config#root
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Site-wide forms authentication: an unauthenticated request to a
         protected folder is redirected to loginUrl (login.aspx). -->
    <authentication mode="Forms">
      <!-- name:       the cookie name. login.aspx and Global.asax never repeat it;
                       they read FormsAuthentication.FormsCookieName instead.
           protection: "All" = the ticket is both encrypted and MAC-protected, so the
                       role stored in UserData can neither be read nor forged on the client.
           timeout:    ticket lifetime in minutes; login.aspx issues its ticket with the
                       same 40 minutes, keep the two in step.
           NOTE(review): nothing here limits the cookie to HTTPS. If the site runs over
           TLS, consider requireSSL="true" (supported by later ASP.NET versions) so the
           ticket is never sent in clear text. -->
      <forms name="authenticationcookie" loginUrl="login.aspx" protection="All" path="/" timeout="40" />
    </authentication>
  </system.web>
</configuration>
(2)web.config#1
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- admin1: only the "administrator" role may enter. ASP.NET evaluates the
         rules top to bottom and the first match wins, so the allow must come
         before the deny. The role string must match exactly what login.aspx
         writes into the ticket's UserData. -->
    <authorization>
      <allow roles="administrator" />
      <!-- Everyone else, including anonymous users (who are sent to loginUrl). -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
(3)web.config#2
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- admin2: only the "controler" role may enter. Rules are evaluated in
         order, first match wins, so allow precedes deny. The spelling
         "controler" is deliberate here only because login.aspx uses the same
         string; the two must stay identical. -->
    <authorization>
      <allow roles="controler" />
      <!-- Everyone else, including anonymous users (who are sent to loginUrl). -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
==========================
关键代码:
(1)login.aspx
<
script language
=
c# runat
=
server
>
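// LogIn button handler: maps the typed name to a role, issues a forms
// authentication ticket carrying that role in UserData, and sends the user
// back to the page they originally asked for.
//
// NOTE(review): this sample never verifies a password. The role is chosen
// purely from the typed user name, so anyone who types "caca" becomes an
// administrator. The text above says accounts, passwords and roles live in a
// database; a real login page must look the user up there and only reach the
// ticket-issuing code once the password has been verified.
private void signin(Object sender, EventArgs e)
{
    string userName = tbName.Text;
    string aRole = null;
    if (userName == "caca") aRole = "administrator";
    if (userName == "wawa") aRole = "controler";

    // Do not issue a ticket for a name we do not know. The original handed
    // every visitor a "guest" ticket, i.e. an authenticated identity for an
    // arbitrary, unverified name.
    if (aRole == null)
    {
        lblMessage.Text = "Unknown user";
        return;
    }

    // Build the ticket. UserData carries the role name(s), '|'-separated when
    // there are several; Global.asax reads it back on every request to build
    // the GenericPrincipal.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                              // ticket version
        userName,                       // user name stored in the ticket
        DateTime.Now,                   // issue time
        DateTime.Now.AddMinutes(40),    // expiry; keep equal to timeout="40" in web.config
        false,                          // not persistent: the cookie dies with the browser session
        aRole);                         // user data = role

    // Encrypt() serialises the ticket and, with protection="All" in web.config,
    // encrypts and MACs it, so the client can neither read nor alter the role.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    // Leaving Expires unset keeps the cookie session-scoped; set it to make the
    // login survive a browser restart:
    // authCookie.Expires = DateTime.Now.AddDays(3);
    Response.Cookies.Add(authCookie);

    // The ReturnUrl query parameter that GetRedirectUrl() echoes comes from the
    // client, and older ASP.NET versions hand it back unvalidated. Only follow
    // it when it stays inside this site; otherwise go to the application root.
    string redirectUrl = FormsAuthentication.GetRedirectUrl(userName, false);
    if (!IsLocalPath(redirectUrl))
    {
        redirectUrl = Request.ApplicationPath;
    }
    Response.Redirect(redirectUrl);
}

// True for a path inside this site ("/admin1/default.aspx", "default.aspx");
// false for anything that would leave it: an absolute URL with a scheme
// ("http://evil", "javascript:..."), a protocol-relative "//host/..." or the
// backslash variants some browsers accept.
private static bool IsLocalPath(string url)
{
    if (url == null || url.Length == 0) return false;
    char first = url[0];
    if (first == '\\') return false;
    if (first == '/' && url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
    // A scheme shows up as ':' before the first path/query/fragment separator.
    int pathStart = url.IndexOfAny(new char[] { '/', '?', '#' });
    int colon = url.IndexOf(':');
    if (colon >= 0 && (pathStart < 0 || colon < pathStart)) return false;
    return true;
}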
// SignOut button handler. FormsAuthentication.SignOut() removes the
// authentication cookie from the browser, so the next request arrives
// anonymous and any protected folder sends it back to login.aspx.
private void signout(Object sender, EventArgs e)
{
    FormsAuthentication.SignOut();
}
</
script
>

<html>
<head>
<title>LogIn</title>
</head>
<body>
<form runat=server>
<!-- NOTE(review): the form collects only a user name. There is no password
     field, so signin() in the script above has no credential to verify. -->
Name:<asp:textbox runat=server id=tbName/>[caca/wawa]
<asp:button runat=server text=LogIn onclick=signin/>
<asp:button runat=server text=SignOut onclick=signout/>
<hr>
<!-- Status label, available to the handlers for reporting e.g. a rejected login. -->
<asp:label runat=server id=lblMessage/>
</form>
</body>
</html>
(2)Global.asax
<%
@ import
namespace
=
System.Security.Principal
%>
<%
@ import
namespace
=
System.Security
%>
<
script language
=
c# runat
=
server
>
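// Runs on every request. Rebuilds the principal from the forms-authentication
// cookie so that Context.User carries the roles stored in the ticket's
// UserData, which the <authorization> sections of admin1 and admin2 check.
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (null == authCookie)
    {
        // Anonymous request: leave Context.User untouched.
        return;
    }

    FormsAuthenticationTicket authTicket = null;
    try
    {
        // With protection="All", Decrypt() also verifies the MAC, so a cookie
        // the client tampered with fails here instead of yielding forged roles.
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        // Malformed or tampered cookie: treat the request as anonymous.
        // Logging of the failure is omitted in this sample.
        return;
    }
    if (null == authTicket)
    {
        return;
    }

    // Decrypt() still succeeds once the ticket's lifetime has passed. Without
    // this check an expired cookie would be turned into a principal with all
    // its roles, silently bypassing the configured timeout.
    if (authTicket.Expired)
    {
        return;
    }

    // login.aspx wrote the role name(s) into UserData, '|'-separated.
    string[] roles = authTicket.UserData.Split(new char[] { '|' });

    FormsIdentity id = new FormsIdentity(authTicket);
    // Attach the principal so it flows through the rest of the request pipeline.
    Context.User = new GenericPrincipal(id, roles);
}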
</
script
>

===========================
参考:
(1)Building Secure Microsoft ASP.NET Applications:
Authentication, Authorization, and Secure Communication by Microsoft Corporation
ISBN:0735618909
Microsoft Press
(2)MSDN
===========================
下载参考代码