Asp.net成员身份-如果未通过身份验证的用户,则重定向到“登录"页面
大家好,
我正在使用asp.net成员资格提供程序来辅助角色和管理角色.
在我的应用程序中,我有3个子文件夹,例如ADMIN,USERS和MANAGERS,每个角色都有一些默认页面.
我创建了角色,并为注册用户分配了角色.
我以USERS角色登录到应用程序,然后仅访问USERS网页,但是现在,如果用户键入未经身份验证的文件夹/页面的URL,例如ADMIN或MANAGERS,他也可以登录,但我不希望发生这种情况,如果他尝试转到其他角色页面,但我想将该用户重定向到登录"页面.
任何人都可以使用asp.net代码或web.config文件来帮助我如何实现这一目标.
在此先感谢...
Hi All,
I am using asp.net membership provider for assiging Roles and Managing Roles.
In my application I have 3 sub folders like ADMIN,USERS and MANAGERS with some some default pages to each role.
I created the roles and I assigned roles to the registered users.
I login to the application with USERS role then I am accessing the USERS web pages only but now if the user types the URL of unauthenticated folders/pages like ADMIN or MANAGERS,he can also logging in but I dont want this to be happened,If he tries to other role pages I want to redirect that user to Login page.
Can anyone help me how to achieve this whether using the asp.net code or web.config file.
Thanks in advance...
首先,请确保您在应用程序根目录中的web.config具有表单身份验证设置(请注意设置登录页面):
First, make sure your web.config in the root of the application has the forms authentication setup taking note to set the login page:
<authentication mode="Forms">
<forms name="auth" loginUrl="~/Default.aspx" timeout="20" cookieless="UseCookies" path="/" requireSSL="false" slidingExpiration="true" protection="All"/>
</authentication>
完成此操作后,每个子文件夹都必须具有一个web.config.即/Admin/web.config.
在这种情况下,您需要说明用户的访问权限.即
Once you have done this each sub folder must have a web.config. i.e. /Admin/web.config.
In this you will need to state the access rights for the users. i.e.
<configuration>
<system.web>
<authorization>
<allow roles="ADMIN" />
<allow roles="MANAGERS" />
<deny roles="USERS" />
<deny roles="?" />
</authorization>
</system.web>
</configuration>
如果未经身份验证的用户或不正确的角色访问了该文件夹,他们将被重定向到登录页面!
If an unauthenticated user or incorrect role hits the folder they will be re-directed to the login page!