我想知道以下事情是否可能?
// Sketch from the question: a declarative, attribute-driven permission check on a
// data-access method. As written it is illustrative only — attribute arguments in
// C# must be compile-time constants, so UserID/ObjectName/OperationName cannot be
// runtime values here. (The attribute name is spelled "PremissionCheck" in the
// original and is kept as-is.)
class User {
[PremissionCheck(UserID,ObjectName,OperationName)]
public DataTable GetUser()
{
//coding for user
} }
不,这在 ASP.Net Web 窗体中是不可能的:属性(Attribute)的参数必须是编译期常量,不能像示例那样传入运行时的 UserID 等值。
但是,我已经使用 MasterPage、BasePage 类和 RoleBasedAccessControl 数据库模型在经典的 3 层 ASP.Net 3.5 Web 表单应用程序上实现了基于角色的访问控制。
例子
用户“jtirado”被分配角色“HR-Assistant”,可以访问路由“mywebapp/employee.aspx?id=1452”来编辑员工(id:1452)数据。
作为“HR-Assistant”,该用户可以更改员工电话号码和电子邮件,可以查看员工工资但不能编辑金额。
电话号码、电子邮件、工资是数据库字段,由 ASPX 页面上的“asp.net-control”表示/呈现。所以我想根据用户的角色限制对这些控件的访问。
MasterPage根据分配的角色构建用户可以访问的选项菜单。我所有的内部页面都使用它。
/// <summary>
/// Builds the role-scoped main menu on the first (non-postback) request.
/// Country, role and user ids are read from session and passed to
/// <see cref="CargaItemMenu"/>; the populated menu control is then cached in
/// session under "MenuDinamico".
/// </summary>
/// <remarks>
/// NOTE(review): Convert.ToInt32(null) yields 0, so a missing session key is
/// silently treated as id 0 rather than rejected — confirm that is intended.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    int idPais = Convert.ToInt32(Session["IdPais"]);
    int idRol = Convert.ToInt32(Session["IdRol"]);
    int idUsuario = Convert.ToInt32(Session["IdUsuario"]);
    CargaItemMenu(MnuPrincipal, idPais, idRol, idUsuario);
    Session.Add("MenuDinamico", MnuPrincipal);

    // A role with no assigned options still gets one placeholder entry so the
    // menu control is never rendered empty.
    if (MnuPrincipal.Items.Count >= 1)
    {
        return;
    }

    MenuItem placeholder = new MenuItem();
    placeholder.Text = "Principal";
    placeholder.Value = "1";
    placeholder.NavigateUrl = "";
    placeholder.Selectable = true;
    MnuPrincipal.Items.Add(placeholder);
}
/// <summary>
/// Populates <paramref name="ctrlmenu"/> with the root options that the given
/// country/role/user combination may see, then recurses through
/// <see cref="AddMenuItem"/> to attach each root's children.
/// A row whose IdOpcion equals its own IdMenu is treated as a root entry.
/// </summary>
/// <param name="ctrlmenu">Menu control receiving the root items.</param>
/// <param name="v_IdPais">Country id from session.</param>
/// <param name="v_IdRol">Role id from session.</param>
/// <param name="v_IdUsuario">User id from session.</param>
private void CargaItemMenu(Menu ctrlmenu, int v_IdPais, int v_IdRol, int v_IdUsuario)
{
    // oBEOpcionRol is assigned here but not read by this method.
    oBEOpcionRol = new SEGU.Entities.ENOpcionRol();
    oBLOpcionRol = new SEGU.BusinessLogic.BLOpcionRol();
    List<ParametroGenerico> parametros = CargarParamentrosOpcionRol(v_IdPais, v_IdRol, v_IdUsuario);
    List<SEGU.Entities.ENOpcionRol> opciones = oBLOpcionRol.ListaxIdPaisxIdRolxIdUsuario(parametros);

    foreach (SEGU.Entities.ENOpcionRol fila in opciones)
    {
        // Only root rows are added at this level; nested rows are handled by AddMenuItem.
        if (!fila.IdOpcion.IdOpcion.Equals(fila.IdOpcion.IdMenu))
        {
            continue;
        }

        MenuItem raiz = new MenuItem();
        raiz.Value = fila.IdOpcion.IdOpcion.ToString();
        raiz.Text = fila.IdOpcion.Nombre.ToString();
        if (fila.IdOpcion.RutaFormulario != "")
        {
            raiz.NavigateUrl = fila.IdOpcion.RutaFormulario.ToString();
        }
        if (fila.IdOpcion.PageNew == "1")
        {
            raiz.Target = "_blank";
        }
        // NOTE(review): the image path is concatenated from a stored value;
        // presumably admin-managed configuration — confirm.
        string imagen = fila.IdOpcion.Imagen.Trim();
        if (imagen != "")
        {
            raiz.ImageUrl = "Seguridad/ImagenesMenus/" + imagen;
        }
        // Entries without a route are displayed but not clickable.
        raiz.Selectable = raiz.NavigateUrl.Trim().Length > 0;
        ctrlmenu.Items.Add(raiz);
        AddMenuItem(raiz, opciones);
    }
}
/// <summary>
/// Recursively attaches to <paramref name="mnuMenuItem"/> every option whose
/// IdMenu matches the item's Value, skipping root rows (IdOpcion == IdMenu),
/// and then descends into each new child.
/// </summary>
/// <param name="mnuMenuItem">Parent item whose Value is the option id to match against IdMenu.</param>
/// <param name="listaOpcionRol">Full option list for the role; scanned on every level.</param>
private void AddMenuItem(MenuItem mnuMenuItem, List<SEGU.Entities.ENOpcionRol> listaOpcionRol)
{
    foreach (SEGU.Entities.ENOpcionRol fila in listaOpcionRol)
    {
        if (!fila.IdOpcion.IdMenu.ToString().Equals(mnuMenuItem.Value))
        {
            continue;
        }
        // Root rows belong to CargaItemMenu, not to any parent.
        if (fila.IdOpcion.IdOpcion.Equals(fila.IdOpcion.IdMenu))
        {
            continue;
        }

        MenuItem hijo = new MenuItem();
        hijo.Value = fila.IdOpcion.IdOpcion.ToString();
        hijo.Text = fila.IdOpcion.Nombre.ToString();
        if (fila.IdOpcion.RutaFormulario != "")
        {
            hijo.NavigateUrl = fila.IdOpcion.RutaFormulario.ToString();
        }
        if (fila.IdOpcion.PageNew == "1")
        {
            hijo.Target = "_blank";
        }
        mnuMenuItem.ChildItems.Add(hijo);

        string imagen = fila.IdOpcion.Imagen.Trim();
        if (imagen != "")
        {
            hijo.ImageUrl = "Seguridad/ImagenesMenus/" + imagen;
        }
        // Entries without a route are displayed but not clickable.
        hijo.Selectable = hijo.NavigateUrl.Trim().Length > 0;
        AddMenuItem(hijo, listaOpcionRol);
    }
}
BasePage类检查用户是否有权访问所需的页面。所有需要授权的页面都继承自这个 BasePage 类。
public class PaginaBase : System.Web.UI.Page
{
// Business-logic gateway that maps the requested URL to an option id; instantiated per request in Page_InitComplete.
SEGU.BusinessLogic.BLOpcionRol oBLOpcionRol;
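/// <summary>
/// Authorization gate for every page inheriting this base class: resolves the
/// current app-relative URL to an option id for the session's country/user/role
/// and redirects to the access page when nothing matches (result &lt;= 0).
/// The resolved id is stored in Session["IdOpcion"] for later control-level checks.
/// </summary>
protected void Page_InitComplete(object sender, System.EventArgs e) {
    System.Web.SessionState.HttpSessionState sesion = System.Web.HttpContext.Current.Session;

    // Fail closed: with no authenticated user in session there is nothing to
    // authorize. Without this guard Convert.ToInt32(null) would turn a missing
    // value into user id 0 and leave the decision to the database lookup.
    if (sesion == null || sesion["IdUsuario"] == null)
    {
        System.Web.HttpContext.Current.Response.Redirect("~/Seguridad/Acceso.aspx");
        return;
    }

    string Url = this.Page.AppRelativeVirtualPath;
    oBLOpcionRol = new SEGU.BusinessLogic.BLOpcionRol();
    int idOpcion = oBLOpcionRol.AutentificarUrl(Convert.ToInt32(sesion["IdPais"]), Convert.ToInt32(sesion["IdUsuario"]), Convert.ToInt32(sesion["IdRol"]), Url);
    sesion["IdOpcion"] = idOpcion;

    // No option grants this role access to the URL: send the user to the access page.
    if (idOpcion <= 0)
    {
        System.Web.HttpContext.Current.Response.Redirect("~/Seguridad/Acceso.aspx");
        return;
    }
}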
.
.
}
最后,在 Customers.aspx 的 Page_Load 事件中,我调用了一个函数 ( oBLPermisoOpcionRol.ValidarPermisos ),它接收 Page 实例作为参数并遍历其控件(例如:DdlClientType、TxtLastName、ChkIsActive),检查用户可以编辑哪些控件,并相应地启用、禁用或隐藏它们。
/// <summary>
/// First-request setup for the page: builds the tree menu (adding a default
/// root when it comes back empty), loads the module grid for the current
/// filter and page number, and finally applies the role's control-level
/// permissions for the option stored in session.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    SetNodosMenu(TrvMenu, "");
    if (this.TrvMenu.Nodes.Count < 1)
    {
        PrimerNodos(this.TrvMenu);
    }

    string anulado = Convert.ToString(RblAnuladoModuloBusqueda.SelectedValue);
    int nroPagina = Convert.ToInt32(DdlNroPaginaModulo.SelectedValue);
    ListarModuloxAnulado(GvModulo, anulado, 0, nroPagina);

    // Control-level RBAC is applied after the page's controls have been built.
    oBLPermisoOpcionRol = new SEGU.BusinessLogic.BLPermisoOpcionRol();
    int idRol = Convert.ToInt32(Session["IdRol"]);
    int idOpcion = Convert.ToInt32(Session["IdOpcion"]);
    oBLPermisoOpcionRol.ValidarPermisos(Page, idRol, idOpcion);
}
/// <summary>
/// Loads the control permissions defined for a role/option pair and applies
/// each one to the page's control tree through <see cref="SetControls"/>.
/// </summary>
/// <param name="v_Page">Page whose controls are inspected.</param>
/// <param name="v_IdRol">Role id.</param>
/// <param name="v_IdOpcion">Option (page) id resolved earlier by the base page.</param>
/// <remarks>
/// Flag columns hold the strings "1"/"0". Only "0" lifts a restriction or selects
/// hiding; "1" and any unexpected value resolve to the restrictive reading
/// (restricted, disabled), so malformed rows fail closed.
/// </remarks>
public void ValidarPermisos(System.Web.UI.Page v_Page, int v_IdRol, int v_IdOpcion)
{
    BusinessLogic.BLPermisoOpcionRol servicio = new BusinessLogic.BLPermisoOpcionRol();
    List<ParametroGenerico> parametros = CargarParametros(v_IdRol, v_IdOpcion);
    List<SEGU.Entities.ENPermisoOpcionRol> permisos = servicio.ListaxIdRolxIdOpcion(parametros);

    foreach (SEGU.Entities.ENPermisoOpcionRol permiso in permisos)
    {
        // true = restrict the control (see SetControls), false = make it visible.
        bool restringido = permiso.Anulado != "0";
        // true = disable the restricted control, false = hide it.
        bool deshabilitar = permiso.VisbleDisabled != "0";
        SetControls(v_Page, permiso.IdPermiso.Control, restringido, deshabilitar);
    }
}
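/// <summary>
/// Walks the control tree under <paramref name="parentControl"/> and applies one
/// permission row to every control whose ID equals <paramref name="v_Control"/>.
/// </summary>
/// <param name="parentControl">Root of the subtree to scan; all descendants are visited.</param>
/// <param name="v_Control">Server-side ID of the target control.</param>
/// <param name="permitir">Despite the name, true means "restrict" (the control is disabled or hidden); false makes it visible again.</param>
/// <param name="v_Permitir_ControlVisibleDisabled">When restricting a web control, true disables it and false hides it. Ignored for Image and the HTML controls, which are always hidden.</param>
/// <remarks>
/// Only the control types listed in <see cref="IsRestrictableWebControl"/> plus
/// Image, HtmlInputButton, HtmlAnchor and HtmlGenericControl DIVs are handled;
/// other controls are skipped but their children are still scanned.
/// This is presentation-level gating (Visible/Enabled): the business/data layer
/// still needs its own authorization, since UI state is not a security boundary.
/// </remarks>
public void SetControls(System.Web.UI.Control parentControl, string v_Control, bool permitir, bool v_Permitir_ControlVisibleDisabled)
{
    foreach (System.Web.UI.Control c in parentControl.Controls)
    {
        ApplyPermission(c, v_Control, permitir, v_Permitir_ControlVisibleDisabled);
        // Always descend: containers (Panel, Table, GridView, ...) may hold the target.
        SetControls(c, v_Control, permitir, v_Permitir_ControlVisibleDisabled);
    }
}

// Applies the permission to a single control when its type is managed and its ID matches.
private static void ApplyPermission(System.Web.UI.Control c, string v_Control, bool restringir, bool disableInsteadOfHide)
{
    if (IsRestrictableWebControl(c))
    {
        if (c.ID == v_Control)
        {
            ApplyToWebControl((WebControl)c, restringir, disableInsteadOfHide);
        }
    }
    else if (c is Image)
    {
        // Plain images are only ever shown or hidden, never disabled.
        // (ImageButton derives from Image and is handled above, so check Image after it.)
        if (c.ID == v_Control)
        {
            c.Visible = !restringir;
        }
    }
    else if (c is System.Web.UI.HtmlControls.HtmlInputButton)
    {
        if (c.ID == v_Control)
        {
            System.Web.UI.HtmlControls.HtmlInputButton boton = (System.Web.UI.HtmlControls.HtmlInputButton)c;
            if (restringir)
            {
                boton.Visible = false;
                boton.Attributes.Add("disabled", "disabled");
            }
            else
            {
                boton.Visible = true;
                boton.Attributes.Remove("disabled");
            }
        }
    }
    else if (c is System.Web.UI.HtmlControls.HtmlAnchor)
    {
        if (c.ID == v_Control)
        {
            c.Visible = !restringir;
        }
    }
    else if (c is System.Web.UI.HtmlControls.HtmlGenericControl)
    {
        // Only <div runat="server"> elements are managed among generic HTML controls.
        // Ordinal comparison: the previous culture-sensitive ToUpper() failed to match
        // "div" under cultures with non-ASCII upper-casing rules (e.g. Turkish).
        System.Web.UI.HtmlControls.HtmlGenericControl generico = (System.Web.UI.HtmlControls.HtmlGenericControl)c;
        if (string.Equals(generico.TagName, "div", StringComparison.OrdinalIgnoreCase) && c.ID == v_Control)
        {
            c.Visible = !restringir;
        }
    }
}

// Web controls that support the disable-or-hide treatment. Image is deliberately
// excluded (handled separately, hide-only); ImageButton is included so it is
// matched before the Image check in ApplyPermission.
private static bool IsRestrictableWebControl(System.Web.UI.Control c)
{
    return c is Button || c is CheckBox || c is Label || c is TextBox || c is GridView
        || c is ImageButton || c is HyperLink || c is DropDownList || c is ListBox
        || c is DataList || c is CheckBoxList || c is RadioButton || c is RadioButtonList
        || c is Panel || c is Table || c is LinkButton;
}

// restringir=false re-enables visibility; restringir=true either disables the
// control (disableInsteadOfHide) or hides it.
private static void ApplyToWebControl(WebControl control, bool restringir, bool disableInsteadOfHide)
{
    if (!restringir)
    {
        control.Visible = true;
        return;
    }
    if (disableInsteadOfHide)
    {
        control.Enabled = false;
    }
    else
    {
        control.Visible = false;
    }
}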
这样,我不必使用 if-then 语句来检查权限,而且我可以创建任意数量的角色,给他们任何权限,而无需更改任何 C# 代码。
您还可以查看这些帖子:
ASP.NET 基于角色的安全性是真正的基于角色的访问控制系统吗?
基于角色的访问控制——我应该在数据库中也有权限列表还是只在代码中(例如枚举)?
如何控制对 ASP.Net MVC 3 视图上的表单字段的访问?