1

我有一个带有 2 个文件夹的 Web 应用程序。包含各自页面的管理员和培训师。我在每个文件夹中有一个 web.config,如下所示。当我使用这些配置设置登录时,用户被拒绝访问他的主页,如果我删除拒绝用户,每个人都可以登录。我已经使用 WSAT 创建了角色并将用户添加到角色中。

管理员的 Web.Config

<?xml version="1.0"?>
<configuration>
<system.web>
    <authorization>
      <allow roles="Administrator" />
      <deny users="?"/>
    </authorization>
</system.web>
</configuration>

培训师的 Web.Config

<?xml version="1.0"?>
<configuration>
<system.web>
    <authorization>
      <allow roles="Trainer" />
      <deny users="?"/>
    </authorization>
</system.web>
</configuration>

根文件夹 Web.Config 文件

<?xml version="1.0"?>

<configuration>
<connectionStrings>
<add name="TSS" connectionString="Data Source = VC-SQL2008; Integrated
    Security=True;   database = aspnetdb" providerName="System.Data.SqlClient"/>
</connectionStrings>

<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" timeout="2880" />
</authentication>
</system.web>

<system.web>
<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider"
 type="System.Web.Security.SqlMembershipProvider" connectionStringName="TSS"
 requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
 enablePasswordRetrieval="false" enablePasswordReset="false"
 maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1"
 minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
 applicationName="/"/>

  </providers>
  </membership>

  <profile>
  <providers>
    <clear/>
    <add name="AspNetSqlProfileProvider"
  type="System.Web.Profile.SqlProfileProvider"
   connectionStringName="TSS" applicationName="/"/>
  </providers>
 </profile>

 <roleManager enabled="true">
  <providers>
    <clear />
    <add connectionStringName="TSS" applicationName="/" name="AspNetSqlRoleProvider"
   type="System.Web.Security.SqlRoleProvider" />
    <!--<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />-->
  </providers>
</roleManager>

<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>

<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>

关于我如何添加角色的 web.sitemap 示例

enter<siteMapNode url="Administrator/Admin_Home.aspx" title="Home"  description=""
roles="Administrator">

Login.aspx.cs 命名空间 TSS { public partial class Login2 : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { dbConnection dbConn = new dbConnection(); }

  protected void submit_Click(object sender, EventArgs e)
  {
       // var a = Session["username"];
       string password = tb_password.Text;
       // Membership.CreateUser("s.g@visiblechanges.com", "9000");

       bool x = Membership.ValidateUser(tb_email.Text, password);
       string f_name;
       string l_name;
       string trainer="";
       DataTable dt = new DataTable();
       dt = TSS_WebService.getEmployeeByEmail(tb_email.Text);

       foreach (DataRow row in dt.Rows)
       {
            f_name = row["First_Name"].ToString();
            l_name = row["Last_Name"].ToString();
             trainer = row["First_Name"].ToString() + " " +   
           row["Last_Name"].ToString();
       }

   if (x == true)
  {

    Session["username"] = tb_email.Text;
    Session["trainer"] = trainer;

    if (Roles.IsUserInRole(tb_email.Text, "Administrator"))
    {
         Response.Redirect("~/Administrator/Admin_Home.aspx");
    }

  if (Roles.IsUserInRole(tb_email.Text, "Trainer"))
  {

   Response.Redirect("~/Trainer/Trainer_Home.aspx");
  }

   if (Roles.IsUserInRole(tb_email.Text, "Salon Manager"))
   {

    Response.Redirect("~/Salon/Salon_Home.aspx");
   }

   if (Roles.IsUserInRole(tb_email.Text, "IT"))
    {

     Response.Redirect("Home.aspx");
     }
   }

   else
   {
        FormsAuthentication.RedirectToLoginPage();
   }
  }

  }
  }


***Login.aspx***
    <%@ Page Title="" Language="C#" MasterPageFile="~/Master/Master.Master"     
    AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="TSS.Login2" %>
    <asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
    </asp:Content>
    <asp:Content ID="Content2" ContentPlaceHolderID="BreadCrumbs" runat="server">
    <asp:SiteMapPath ID="SiteMapPath1" runat="server">
    </asp:SiteMapPath>
    </asp:Content>
    <asp:Content ID="Content3" ContentPlaceHolderID="MainArea" runat="server">
    <div id = "loginBox">
    <h2> LOGIN</h2>
    <asp:TextBox ID="tb_email" runat="server" class = "ipBox_large"></asp:TextBox><br 
    />
    <asp:TextBox ID="tb_password" runat="server" class = "ipBox_large"></asp:TextBox>  
     <br />   
     <asp:ImageButton ID= "btn" ImageUrl = "../Images/btnLogin.gif" OnClick = 
     "submit_Click"  
     runat="server" />
     <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
     </div>
    </asp:Content>

我已经坚持了 2 天了,并且已经研究了我可能做的一切。非常感谢任何帮助或建议。谢谢。

4

2 回答 2

2

使用<deny users="?"/> 而不是<deny users="*"/>

于 2012-05-15T19:58:58.373 回答
1

尝试以下代码而不是您的if(x==true){...}部分 if (x == true) { if (Request.QueryString["ReturnUrl"] != null) { //重定向到返回 url FormsAuthentication.RedirectFromLoginPage(userName.Text, NotPublicCheckBox.Checked) ; }

    /* create authentication cookie */
    FormsAuthentication.SetAuthCookie(tb_email.Text, NotPublicCheckBox.Checked)
    Session["username"] = tb_email.Text;
    Session["trainer"] = trainer;

    /*redirect depending on roles*/
    if (Roles.IsUserInRole(tb_email.Text, "Administrator"))
    {
        Response.Redirect("~/Administrator/Admin_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "Trainer"))
    {
        Response.Redirect("~/Trainer/Trainer_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "Salon Manager"))
    {
        Response.Redirect("~/Salon/Salon_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "IT"))
    {
        Response.Redirect("Home.aspx");
    }
}
else
{
    /*Login error*/
    FormsAuthentication.RedirectToLoginPage();
}

希望它有效。祝你好运。

于 2012-05-15T22:20:08.737 回答