Custom authentication to restrict access to intranet web application pages

Problem description:

I have an ASP.NET web application on an intranet.
On the database I have a table with application users' info:
Windows username, role ... and other stuff

On Session Start, I read the logged-in Windows user and retrieve their info from the application users on the database. I save the retrieved info in a Session variable.

If I want to restrict access to the web pages based on the user's info,
so that if the Windows user does not exist in the application's users table, I want to prevent access to the page. What is the best way to do that?

Thanks in advance

What I have tried:

I tried to examine the user info saved in the Session variable on each page load, or on the master page load.

But I don't know what the best practice is.

One simple way is to have each page inherit from a base class that does the security check in its Page_Load. If you are too far into it to change to a base class, you can always add a call in each page load to check if they have access to that page.

You can also use Location elements in your web.config if there are only a few pages that will need different levels of access.

This article goes over various scenarios and should help you: Guru Sarkar's Blog - Setting authorization rules for a particular page or folder in web.config

Also see HOW TO: Control Authorization Permissions in an ASP.NET Application
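
The base-class approach from the answer above, sketched as an added example (not code from the answer or the question). `SecuredPage`, `AppUser`, the `"AppUser"` session key and `RequiredRole` are hypothetical names, and the sketch assumes Windows authentication is enabled so that `Context.User.Identity.Name` holds the Windows username.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical shape of the record the question loads in Session_Start.
[Serializable]
public class AppUser
{
    public string WindowsUserName { get; set; }
    public string Role { get; set; }
}

// Pages inherit from this class instead of System.Web.UI.Page.
public abstract class SecuredPage : Page
{
    // Assumed session key; use whatever key Session_Start writes.
    protected const string AppUserSessionKey = "AppUser";

    // A page overrides this to demand a role; null means any listed user.
    protected virtual string RequiredRole
    {
        get { return null; }
    }

    protected AppUser CurrentAppUser
    {
        get { return Session[AppUserSessionKey] as AppUser; }
    }

    // OnLoad raises the Load event, so checking before base.OnLoad
    // runs ahead of every derived page's Page_Load handler.
    protected override void OnLoad(EventArgs e)
    {
        AppUser user = CurrentAppUser;
        string windowsName = Context.User.Identity.Name;

        // Fail closed: no record in the users table means no access.
        bool known = user != null &&
            string.Equals(user.WindowsUserName, windowsName,
                          StringComparison.OrdinalIgnoreCase);

        bool roleOk = RequiredRole == null ||
            (known && string.Equals(user.Role, RequiredRole,
                                    StringComparison.OrdinalIgnoreCase));

        if (!known || !roleOk)
            throw new HttpException(403, "Access denied.");

        base.OnLoad(e);
    }
}
```

Because the check lives in one inherited method, a new page is protected as soon as it derives from `SecuredPage`, and a page that forgets to derive from it is the only gap left to audit for.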


Forget writing code for it and just buy a firewall/proxy server product off-the-shelf. This is standard functionality.

Before you go off and say "it's too expensive!", think about this. How much do you get paid an hour to write this project? How long are you going to be writing it? Multiply the two and that's the minimum cost of your little project. Compare that to off-the-shelf cost and you should find that your project is going to cost more.