在.net 中依据页的角色验证方式产生相匹配的菜单 --zt
看了很多人都是自己程序获得用户的角色权限,再判断并编写相应的功能菜单,其实.net 中可以允许开发者自己拼合这些功能;
废话不说,网上也有很多这样的资料,但我感觉说教太多,自己来简单归纳一下方便给大家!
注:站点必须为asp.net 标准验证方式。自定义cookie认证,自定义Session方式的可以一边凉快去了!
具体条件
1、为站点准备SiteMap
在站点根目录建立一个Web.sitemap 配置文件,例:
1
<?
xml version
=
"
1.0
"
encoding
=
"
utf-8
"
?>
2 < siteMap xmlns = " http://schemas.microsoft.com/AspNet/SiteMap-File-1.0 " >
3 < siteMapNode url = " ~/Default.aspx " title = " 首页 " description = "" >
4 < siteMapNode url = " ~/Register.aspx " title = " 注册 " description = "" />
5 < siteMapNode url = " ~/Login.aspx " title = " 登陆 " description = "" />
6 < siteMapNode url = " ~/Album/Default.aspx " title = " 个人管理 " description = "" >
7 < siteMapNode url = " ~/Album/AlbumManager.aspx " title = " 相册管理 " description = "" />
8 < siteMapNode url = " ~/Album/ImageUploader.aspx " title = " 图片上传 " description = "" />
9 < siteMapNode url = " ~/Album/ImageManager.aspx " title = " 图片管理 " description = "" />
10 </ siteMapNode >
11 </ siteMapNode >
12 </ siteMap >
2 < siteMap xmlns = " http://schemas.microsoft.com/AspNet/SiteMap-File-1.0 " >
3 < siteMapNode url = " ~/Default.aspx " title = " 首页 " description = "" >
4 < siteMapNode url = " ~/Register.aspx " title = " 注册 " description = "" />
5 < siteMapNode url = " ~/Login.aspx " title = " 登陆 " description = "" />
6 < siteMapNode url = " ~/Album/Default.aspx " title = " 个人管理 " description = "" >
7 < siteMapNode url = " ~/Album/AlbumManager.aspx " title = " 相册管理 " description = "" />
8 < siteMapNode url = " ~/Album/ImageUploader.aspx " title = " 图片上传 " description = "" />
9 < siteMapNode url = " ~/Album/ImageManager.aspx " title = " 图片管理 " description = "" />
10 </ siteMapNode >
11 </ siteMapNode >
12 </ siteMap >
注意:第一级节点只能有1个,其他节点就随意了,可以把全站所有有关的页都编写进来,也可以只写有权限 控制相关的页,这个是可以继承的。
安装有MSDN2005的朋友可以看此内容:ASP.NET 站点地图
ms-help://MS.VSCC.v80/MS.MSDN.v80/MS.VisualStudio.v80.chs/dv_aspnetcon/html/6b85a558-1df8-44cf-bea6-62e61bcc8d20.htm
2、为文件或目录设置访问权限
在相关目录的Web.config 中设置就可以,跟平时设置一样
1
<
system.web
>
2 < authorization >
3 <!-- 当前目录由Album 角色的用户才可以访问 -->
4 < allow roles = " Album " />
5 < deny users = " * " />
6 </ authorization >
7 </ system.web >
8
9 < location path = " ImageUploader.aspx " >
10 < system.web >
11 < authorization >
12 <!-- ImageUploader.aspx 只能带Blog角色的用户才可以访问 -->
13 < allow roles = " Blog " />
14 < deny users = " * " />
15 </ authorization >
16 </ system.web >
17 </ location >
2 < authorization >
3 <!-- 当前目录由Album 角色的用户才可以访问 -->
4 < allow roles = " Album " />
5 < deny users = " * " />
6 </ authorization >
7 </ system.web >
8
9 < location path = " ImageUploader.aspx " >
10 < system.web >
11 < authorization >
12 <!-- ImageUploader.aspx 只能带Blog角色的用户才可以访问 -->
13 < allow roles = " Blog " />
14 < deny users = " * " />
15 </ authorization >
16 </ system.web >
17 </ location >
3、在根Web.config 中启用站点地图角色过滤配置,想省事可以直接复制粘贴
1
<
system.web
>
2 < siteMap defaultProvider = " XmlSiteMapProvider " enabled = " true " >
3 < providers >
4 < add name = " XmlSiteMapProvider "
5 description = " Default SiteMap provider. "
6 type = " System.Web.XmlSiteMapProvider "
7 siteMapFile = " Web.sitemap "
8 securityTrimmingEnabled = " true " />
9 </ providers >
10 </ siteMap >
11 </ system.web >
12
2 < siteMap defaultProvider = " XmlSiteMapProvider " enabled = " true " >
3 < providers >
4 < add name = " XmlSiteMapProvider "
5 description = " Default SiteMap provider. "
6 type = " System.Web.XmlSiteMapProvider "
7 siteMapFile = " Web.sitemap "
8 securityTrimmingEnabled = " true " />
9 </ providers >
10 </ siteMap >
11 </ system.web >
12
就这样就OK了!测试一把~~!
1、拖一个Menu 控件到页面上,并新建一个数据源类型为“站点地图”类型,名字随意。点OK就配置好了!
测试用例1:(没有登陆以前,只显示根目录下谁都可以访问的文件)
测试用例2:(登陆后,具备Album 角色但不具备Blog 角色能力)
测试用例3:(登陆后,具备Album角色也具备Blog 角色)
完成收工,回家了,显然这样的方式,大量减少的代码,而且把页面文件或目录跟角色绑定起来,实在是非常方便的。