{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 女痞 的问题《ASP.Net Roles: Page-Level Security Question》','https://www.manongdao.com/q-994120.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We're currently in the process of re-creating a brand new security model that dwarfs our existing process. Right now, we plan on grabbing a user's roles during the login process and then using a Base Page class to check if the user has the role of the corresponding page the user is navigating to.
We can limit the menu's options by the user's roles as well, but we have had problems with users navigating to pages in our system by typing them in or having old bookmarks. Obviously, we need some sort of page level access.
A simple function in our Base Page class that checks the role in the Arraylist against the page's assigned role would work, but I was wondering if there was any built-in functionality to support this or a cleaner solution possibly.
Are you using built-in membership?
If so, you can use the
locationsection of yourweb.configfile to restrict access to individual pages or entire directories. From MSDN:Have you looked at ASP.Net Membership for this yet? It takes care of all of the scenarios you listed above (trimming menus, page security,) and in a very easy to use manner.
See here for more information about membership - http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx.