Programmatically check if page requires authentica

2019-05-08 19:47发布

站内问答 / C#
556 3 5

I would like to know if there is a way to check if a page requies authentication based on the web.config settings. Basically if there is a node like this

  <location path="account">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

then I would like to check on any page if it requires authentication or not and to return true if it is under the account directory. Is this possible?

3条回答
SAY GOODBYE
2楼-- · 2019-05-08 20:09

Are you checking the page that the user has requested? Its unlikely as the request will never get to the page. Check the url authorization workflow.

enter image description here

http://www.asp.net/web-forms/tutorials/security/membership/user-based-authorization-cs

查看更多
0人赞 添加讨论(0) 举报
Root(大扎)
3楼-- · 2019-05-08 20:11

I am a little confused as to what you are asking exactly, but to use your web.config to enforce authentication on a page-for-page basis, you need something like this:

 <location path="Forms/Administration/Default.aspx">
        <system.web>
            <authorization>
                <allow roles="Administrator, User, AdditionalUser" />
            </authorization>
        </system.web>
    </location>

If you need to be more granular than that, you need to add the logic to your middle-tier and then check on page load or url request (if MVC).

查看更多
0人赞 添加讨论(0) 举报
放我归山
4楼-- · 2019-05-08 20:23

The solution is to create an anonymous identity (principal), and pass it into the CheckUrlAccessForPrincipal method. It will determine if the page is public, or requires authentication.

See code below:

var principal = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new string[]{});
bool requiredAuthentication = UrlAuthorizationModule.CheckUrlAccessForPrincipal(Page.AppRelativeVirtualPath, principal, Request.HttpMethod);
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)