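I have a web application with 2 folders, Administrator and Trainer, each containing its own pages. I have a web.config in each folder, as shown below. When I log in with these configuration settings, the user is denied access to his home page, and if I remove the deny users rule, everyone can log in. I have used WSAT to create the roles and add users to the roles.
Web.config for Administrator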
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="?"/>
</authorization>
</system.web>
</configuration>
Web.config for Trainer
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="Trainer" />
<deny users="?"/>
</authorization>
</system.web>
</configuration>
Root folder Web.config file
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="TSS" connectionString="Data Source = VC-SQL2008; Integrated
Security=True; database = aspnetdb" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="2880" />
</authentication>
</system.web>
<system.web>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider" connectionStringName="TSS"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
enablePasswordRetrieval="false" enablePasswordReset="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="TSS" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="TSS" applicationName="/" name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider" />
<!--<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />-->
</providers>
</roleManager>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Example from web.sitemap showing how I added roles
<siteMapNode url="Administrator/Admin_Home.aspx" title="Home" description=""
roles="Administrator">
***Login.aspx.cs***
namespace TSS
{
public partial class Login2 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
dbConnection dbConn = new dbConnection();
}
protected void submit_Click(object sender, EventArgs e)
{
// var a = Session["username"];
string password = tb_password.Text;
// Membership.CreateUser("s.g@visiblechanges.com", "9000");
bool x = Membership.ValidateUser(tb_email.Text, password);
string f_name;
string l_name;
string trainer="";
DataTable dt = new DataTable();
dt = TSS_WebService.getEmployeeByEmail(tb_email.Text);
foreach (DataRow row in dt.Rows)
{
f_name = row["First_Name"].ToString();
l_name = row["Last_Name"].ToString();
trainer = row["First_Name"].ToString() + " " +
row["Last_Name"].ToString();
}
if (x == true)
{
Session["username"] = tb_email.Text;
Session["trainer"] = trainer;
if (Roles.IsUserInRole(tb_email.Text, "Administrator"))
{
Response.Redirect("~/Administrator/Admin_Home.aspx");
}
if (Roles.IsUserInRole(tb_email.Text, "Trainer"))
{
Response.Redirect("~/Trainer/Trainer_Home.aspx");
}
if (Roles.IsUserInRole(tb_email.Text, "Salon Manager"))
{
Response.Redirect("~/Salon/Salon_Home.aspx");
}
if (Roles.IsUserInRole(tb_email.Text, "IT"))
{
Response.Redirect("Home.aspx");
}
}
else
{
FormsAuthentication.RedirectToLoginPage();
}
}
}
}
***Login.aspx***
<%@ Page Title="" Language="C#" MasterPageFile="~/Master/Master.Master"
AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="TSS.Login2" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="BreadCrumbs" runat="server">
<asp:SiteMapPath ID="SiteMapPath1" runat="server">
</asp:SiteMapPath>
</asp:Content>
<asp:Content ID="Content3" ContentPlaceHolderID="MainArea" runat="server">
<div id = "loginBox">
<h2> LOGIN</h2>
<asp:TextBox ID="tb_email" runat="server" class = "ipBox_large"></asp:TextBox><br
/>
<asp:TextBox ID="tb_password" runat="server" class = "ipBox_large"></asp:TextBox>
<br />
<asp:ImageButton ID= "btn" ImageUrl = "../Images/btnLogin.gif" OnClick =
"submit_Click"
runat="server" />
<asp:CheckBox id="NotPublicCheckBox" runat="server" />
</div>
</asp:Content>
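I have been stuck on this for 2 days and have researched everything I could. Any help or suggestions are greatly appreciated.
Answer 0: (score: 2)
Use <deny users="?"/>
instead of <deny users="*"/>
Answer 1: (score: 1)
Try using the following code instead of the if(x==true){...} part:
if (x == true)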
{
if (Request.QueryString["ReturnUrl"] != null)
{
// redirect to the return URL
FormsAuthentication.RedirectFromLoginPage(tb_email.Text, NotPublicCheckBox.Checked);
}
/* create authentication cookie */
FormsAuthentication.SetAuthCookie(tb_email.Text, NotPublicCheckBox.Checked);
Session["username"] = tb_email.Text;
Session["trainer"] = trainer;
/*redirect depending on roles*/
if (Roles.IsUserInRole(tb_email.Text, "Administrator"))
{
Response.Redirect("~/Administrator/Admin_Home.aspx");
}
if (Roles.IsUserInRole(tb_email.Text, "Trainer"))
{
Response.Redirect("~/Trainer/Trainer_Home.aspx");
}
if (Roles.IsUserInRole(tb_email.Text, "Salon Manager"))
{
Response.Redirect("~/Salon/Salon_Home.aspx");
}
if (Roles.IsUserInRole(tb_email.Text, "IT"))
{
Response.Redirect("Home.aspx");
}
}
else
{
/*Login error*/
FormsAuthentication.RedirectToLoginPage();
}
Hope it works. Good luck.
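The authorization rules from the question and Answer 0, and the missing authentication cookie from Answer 1, can be checked against a small Python model of ASP.NET URL authorization, in which the first matching rule wins and the machine-level `<allow users="*"/>` sits behind the folder's rules. This is an added example, not part of the original posts; the user names are constructed, and the model ignores verbs and assumes no parent folder adds rules.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the Administrator folder rules from the question,
# and the same folder with deny users="*" as its last rule.
DENY_ANONYMOUS = """<configuration><system.web><authorization>
  <allow roles="Administrator" />
  <deny users="?" />
</authorization></system.web></configuration>"""

DENY_ALL = """<configuration><system.web><authorization>
  <allow roles="Administrator" />
  <deny users="*" />
</authorization></system.web></configuration>"""

# Assumption: no parent folder adds rules, so only the machine-level
# default <allow users="*"/> sits behind the folder's own rules.
INHERITED = [("allow", {"users": "*"})]

def load_rules(xml_text):
    """Folder rules in document order, then the inherited default."""
    auth = next(ET.fromstring(xml_text).iter("authorization"))
    return [(rule.tag, dict(rule.attrib)) for rule in auth] + INHERITED

def names(value):
    """Split a comma-separated users/roles attribute into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def matches(attrs, user, roles):
    """user is None when the request carries no forms-auth ticket."""
    users = names(attrs.get("users", ""))
    if "*" in users or ("?" in users and user is None):
        return True
    if user is not None and user.lower() in users:
        return True
    return bool(names(attrs.get("roles", "")) & {r.lower() for r in roles})

def is_allowed(xml_text, user=None, roles=()):
    """First matching rule decides (simplified model: verbs ignored)."""
    for action, attrs in load_rules(xml_text):
        if matches(attrs, user, roles):
            return action == "allow"
    return False

if __name__ == "__main__":
    for label, cfg in (("deny ?", DENY_ANONYMOUS), ("deny *", DENY_ALL)):
        for who, roles in ((None, ()), ("trainer@example.test", ("Trainer",)),
                           ("admin@example.test", ("Administrator",))):
            print(label, who, is_allowed(cfg, who, roles))
```

A request with no ticket (the state after `Membership.ValidateUser` alone) is denied under both rule sets. With only `<deny users="?"/>`, an authenticated Trainer falls through to the inherited allow rule and reaches the Administrator folder, while `<deny users="*"/>` as the last rule limits the folder to the Administrator role.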