问题描述
当用户通过浏览default.aspx页面登录到我的应用程序时,基于用户对象的EmployeeType,我知道用户是Customor还是Vendor还是Employee.我想实现的是,我应该只允许"Customer"用户访问"Protected/Customer"文件夹下的文件和文件夹.同样,只有供应商用户才能访问受保护/供应商"文件夹下的文件和文件夹.我的意思是客户不应允许访问与供应商有关的页面,反之亦然.如何实现呢?请帮忙.
文件夹结构如下所示:
保护/客户/SomeFolder1/SomeFile1.aspx
保护/客户/SomeFolder2/SomeFile2.aspx
保护/供应商/SomeFolder1/SomeFile1.aspx
保护/供应商/SomeFolder2/SomeFile2.aspx
请注意,我没有使用表单身份验证.身份验证由Site Minder(第三方工具)完成.他们将仅根据我可以获得用户详细信息返回UID.没有将用户分配给任何角色.根据用户的雇员类型,我需要实现上述方案.
While user logging to my application by browsing default.aspx page, I know whether the user is Customor or Vendor or Employee based on EmployeeType of User object. What I would like to achieve is that I should only allow Customor users could access files and folder under the folder Protected/Customer. Similarly only Vendor users could access only the files and folders under the folder Protected/Vendor. I mean a customer should not allow to access Vendor related pages and vise-versa. How to achieve this? Please do help.
The folder structure looks like given below:
protected/customer/SomeFolder1/SomeFile1.aspx
protected/customer/SomeFolder2/SomeFile2.aspx
protected/vendor/SomeFolder1/SomeFile1.aspx
protected/vendor/SomeFolder2/SomeFile2.aspx
Please note that I''m not using Forms authentication. The authentication is done by Site Minder (By thrid party tool). They will return only UID based on that I could get user details. Users are not assigned to any roles. Based on Employee type of users I need to achieve the above mentioned scenario.
推荐答案
Control Authorization by Modifying the Web.config File
To restrict access to ASP.NET applications that use forms authentication, edit the <authorization> element in the application’s Web.config file. To do this, follow these steps: 1.Start a text editor, such as Notepad, and then open the Web.config file that is located in the application’s root folder.
Note If the Web.config file does not exist, create a Web.config file for the ASP.NET application.
2.If you want to control authorization for the whole application, add the <authorization> configuration element to the <system.web> element in the Web.config file.
3.In the <authorization> element, add the <allow> configuration element and the <deny> configuration element. Use the users attribute to specify a comma-delimited list of user names. You can use a question mark (?) as a wildcard character that matches any user name. For example, the following code denies access to all users except user1 and user2:
<authorization>
<allow users="user1, user2"/>
<deny users="?"/>
</authorization>
4.Save the Web.config file.
Note For more information about configuring directory-specific and file-specific settings, see the References section of this article.
http://asp.net.bigresource.com/如何限制访问一个指定的文件夹gjhYAFCyM.html [ ^ ]
http://forums.asp.net/t/1666926.aspx/1 [ ^ ]
http://stackoverflow.com/问题/10544276/如何限制访问网页的用户的不同类型 [ ^ ]
http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx [ ^ ]
谢谢,
Ambesha
http://asp.net.bigresource.com/How-to-Restrict-Access-to-an-specified-folder-gjhYAFCyM.html[^]
http://forums.asp.net/t/1666926.aspx/1[^]
http://stackoverflow.com/questions/10544276/how-to-restrict-access-to-web-pages-for-different-types-of-users[^]
http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx[^]
Thanks,
Ambesha
<authorization>
<deny roles="Vendor" />
</authorization>
这篇关于如何在ASP.NET中将访问权限限制为特定用户类型的文件夹文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!