Test System.Web.Authorization From Code_问答_开发者

开发者 https://www.devze.com 2023-01-11 16:08 出处：网络

Inside a web.config file, you can control user/role authorization like this: <location path=\"MyPage.a开发者_如何学Gospx\">

相关专题：asp.net

Inside a web.config file, you can control user/role authorization like this:

 <location path="MyPage.a开发者_如何学Gospx">
  <system.web>
    <authorization>
      <allow users="User1"/>
    </authorization>
  </system.web>
</location>

An asp.net menu will automatically filter out pages that aren't authorized for the current user, but how can I check in my code if they have the correct permissions?

I'd like to disable or hide links that they don't have access to.

There's no in-built method to test permissions as such, you have to retrieve the current identity using:

HttpContext.Current.User.Identity.Name

...and test this against the respective criteria. A better approach might be to assign roles and use this method to test permission sets:

HttpContext.Current.User.IsInRole("Managers")

You could also programmatically access the authorization section:

System.Configuration.Configuration config = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
AuthorizationSection asection;
asection = config.GetSection("system.web/authorization") as AuthorizationSection;

...but you'd need to implement a means to test these rules against a particular resource demand.