自訂 RoleProvider

Posted on by

接著來看 角色 控制部分
通常一個使用者或許會有幾個角色
每個角色可能會被分派到不同權限
如果遇到多重角色實做起來就會比較棘手一點
現在我們先定義一個RoleProvider

[code lang="vbnet" title="MyRoleProvider.vb"]Public Class MyRoleProvider
Inherits RoleProvider

Public Overrides Sub AddUsersToRoles(usernames() As String, roleNames() As String)

End Sub

Public Overrides Property ApplicationName As String
Get
Return Nothing
End Get
Set(value As String)

End Set
End Property

Public Overrides Sub CreateRole(roleName As String)

End Sub

Public Overrides Function DeleteRole(roleName As String, throwOnPopulatedRole As Boolean) As Boolean
Return Nothing
End Function

Public Overrides Function FindUsersInRole(roleName As String, usernameToMatch As String) As String()
Return Nothing
End Function

Public Overrides Function GetAllRoles() As String()
Return Nothing
End Function

Public Overrides Function GetRolesForUser(username As String) As String()
If username = "ga009900" Then
Dim list As New List(Of String)
list.Add("Admin")
list.Add("Tester")
Return list.ToArray
Else
Return Nothing
End If
End Function

Public Overrides Function GetUsersInRole(roleName As String) As String()
Return Nothing
End Function

Public Overrides Function IsUserInRole(username As String, roleName As String) As Boolean
Return Nothing
End Function

Public Overrides Sub RemoveUsersFromRoles(usernames() As String, roleNames() As String)

End Sub

Public Overrides Function RoleExists(roleName As String) As Boolean
Return Nothing
End Function
End Class[/code]

接著在 web.config 定義角色控制使用我們所定義的 roleprovider
[code lang="xml" title="web.config"]
<configuration>
<system.web>
<roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true">
<providers>
<add name="MyRoleProvider" type="MyRoleProvider" />
</providers>
</roleManager>
</system.web>
</configuration>
[/code]

接著我們可以控制說某個頁面或者資料夾只能某種角色才能瀏覽
如果該頁面沒有權限就會導入到登入畫面
[code lang="xml" title="web.config"]
<configuration>
<location path="admin.aspx">
<system.web>
<authorization>
<allow roles="Admin, AdminAgent" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="guest.aspx">
<system.web>
<authorization>
<allow roles="guest" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
[/code]
如果使用 ga009900 帳號登入
如果要訪問 guest.aspx 的話將無法訪問
會被退回到登入頁面
但是訪問 admin.aspx 即可正常顯示頁面內容

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>