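Allow roles not working

Time: 2012-05-15 19:53:56

Tags: c# asp.net

I have a web application with 2 folders, Administrator and Trainer, containing their respective pages. I have a web.config in each folder, as shown below. When I log in with these configuration settings, the user is denied access to his home page, and if I remove the deny users rule, everyone can log in. I have created the roles and added the users to the roles using WSAT.

Web.Config for Administrator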

<?xml version="1.0"?>
<configuration>
<system.web>
    <authorization>
      <allow roles="Administrator" />
      <deny users="?"/>
    </authorization>
</system.web>
</configuration>

Web.Config for Trainer

<?xml version="1.0"?>
<configuration>
<system.web>
    <authorization>
      <allow roles="Trainer" />
      <deny users="?"/>
    </authorization>
</system.web>
</configuration>

Root folder Web.Config file

<?xml version="1.0"?>

<configuration>
<connectionStrings>
<add name="TSS" connectionString="Data Source = VC-SQL2008; Integrated Security=True; database = aspnetdb" providerName="System.Data.SqlClient"/>
</connectionStrings>

<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" timeout="2880" />
</authentication>
</system.web>

<system.web>
<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider"
 type="System.Web.Security.SqlMembershipProvider" connectionStringName="TSS"
 requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
 enablePasswordRetrieval="false" enablePasswordReset="false"
 maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1"
 minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
 applicationName="/"/>

  </providers>
  </membership>

  <profile>
  <providers>
    <clear/>
    <add name="AspNetSqlProfileProvider"
  type="System.Web.Profile.SqlProfileProvider"
   connectionStringName="TSS" applicationName="/"/>
  </providers>
 </profile>

 <roleManager enabled="true">
  <providers>
    <clear />
    <add connectionStringName="TSS" applicationName="/" name="AspNetSqlRoleProvider"
   type="System.Web.Security.SqlRoleProvider" />
    <!--<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />-->
  </providers>
</roleManager>

<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>

<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
About how I added the roles

web.sitemap example

<siteMapNode url="Administrator/Admin_Home.aspx" title="Home" description="" roles="Administrator">

Login.aspx.cs

using System;
using System.Data;
using System.Web.Security;

namespace TSS
{
    public partial class Login2 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            dbConnection dbConn = new dbConnection();
        }

        protected void submit_Click(object sender, EventArgs e)
        {
            // var a = Session["username"];
            string password = tb_password.Text;
            // Membership.CreateUser("s.g@visiblechanges.com", "9000");

            // Check the credentials against the membership provider
            bool x = Membership.ValidateUser(tb_email.Text, password);
            string f_name;
            string l_name;
            string trainer = "";

            // Look up the employee's name to store in the session
            DataTable dt = new DataTable();
            dt = TSS_WebService.getEmployeeByEmail(tb_email.Text);

            foreach (DataRow row in dt.Rows)
            {
                f_name = row["First_Name"].ToString();
                l_name = row["Last_Name"].ToString();
                trainer = row["First_Name"].ToString() + " " + row["Last_Name"].ToString();
            }

            if (x == true)
            {
                Session["username"] = tb_email.Text;
                Session["trainer"] = trainer;

                // Redirect to the home page of the user's role
                if (Roles.IsUserInRole(tb_email.Text, "Administrator"))
                {
                    Response.Redirect("~/Administrator/Admin_Home.aspx");
                }

                if (Roles.IsUserInRole(tb_email.Text, "Trainer"))
                {
                    Response.Redirect("~/Trainer/Trainer_Home.aspx");
                }

                if (Roles.IsUserInRole(tb_email.Text, "Salon Manager"))
                {
                    Response.Redirect("~/Salon/Salon_Home.aspx");
                }

                if (Roles.IsUserInRole(tb_email.Text, "IT"))
                {
                    Response.Redirect("Home.aspx");
                }
            }
            else
            {
                FormsAuthentication.RedirectToLoginPage();
            }
        }
    }
}


Login.aspx

    <%@ Page Title="" Language="C#" MasterPageFile="~/Master/Master.Master"
    AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="TSS.Login2" %>
    <asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
    </asp:Content>
    <asp:Content ID="Content2" ContentPlaceHolderID="BreadCrumbs" runat="server">
    <asp:SiteMapPath ID="SiteMapPath1" runat="server">
    </asp:SiteMapPath>
    </asp:Content>
    <asp:Content ID="Content3" ContentPlaceHolderID="MainArea" runat="server">
    <div id = "loginBox">
    <h2> LOGIN</h2>
    <asp:TextBox ID="tb_email" runat="server" class = "ipBox_large"></asp:TextBox><br />
    <asp:TextBox ID="tb_password" runat="server" class = "ipBox_large"></asp:TextBox>
    <br />
    <asp:ImageButton ID= "btn" ImageUrl = "../Images/btnLogin.gif" OnClick = "submit_Click" runat="server" />
    <asp:CheckBox id="NotPublicCheckBox" runat="server" />
    </div>
    </asp:Content>

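I have been stuck on this for 2 days and have researched everything I possibly could. Any help or advice is greatly appreciated.

2 answers:

Answer 0: (score: 2)

Use <deny users="?"/> instead of <deny users="*"/>

Answer 1: (score: 1)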

Try using the following code instead of the if(x==true){...} part:

if (x == true)
{
    if (Request.QueryString["ReturnUrl"] != null)
    {
        // redirect to the return URL
        FormsAuthentication.RedirectFromLoginPage(tb_email.Text, NotPublicCheckBox.Checked);
    }

    /* create authentication cookie */
    FormsAuthentication.SetAuthCookie(tb_email.Text, NotPublicCheckBox.Checked);
    Session["username"] = tb_email.Text;
    Session["trainer"] = trainer;

    /* redirect depending on roles */
    if (Roles.IsUserInRole(tb_email.Text, "Administrator"))
    {
        Response.Redirect("~/Administrator/Admin_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "Trainer"))
    {
        Response.Redirect("~/Trainer/Trainer_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "Salon Manager"))
    {
        Response.Redirect("~/Salon/Salon_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "IT"))
    {
        Response.Redirect("Home.aspx");
    }
}
else
{
    /* Login error */
    FormsAuthentication.RedirectToLoginPage();
}

Hope it works. Good luck.
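
An added example, not part of the question or of either answer: a simplified C# model of how ASP.NET URL authorization evaluates the rules in the Administrator folder, comparing a final deny users="?" with a final deny users="*" for a request with no forms-authentication ticket (the login code that never issues the cookie) and for authenticated users in each role. Rule, UrlAuthModel and the sample users are names constructed for this illustration, and verbs and comma-separated lists are left out.

```csharp
using System;
using System.Linq;

// Simplified model of ASP.NET URL authorization: rules are read top to
// bottom, the first matching rule decides, and when nothing matches the
// inherited machine-level default <allow users="*"/> applies.
// Rule and UrlAuthModel are illustrative names, not ASP.NET types.
class Rule
{
    public bool Allow;
    public string Users;   // "*" = everyone, "?" = anonymous
    public string Roles;   // a single role name, or null
}

static class UrlAuthModel
{
    // user == null models a request that carries no forms-auth ticket.
    static bool Matches(Rule r, string user, string[] roles)
    {
        if (r.Roles != null) return user != null && roles.Contains(r.Roles);
        if (r.Users == "*") return true;
        if (r.Users == "?") return user == null;
        return user != null && r.Users == user;
    }

    internal static bool IsAllowed(Rule[] rules, string user, string[] roles)
    {
        foreach (var r in rules)
            if (Matches(r, user, roles)) return r.Allow;
        return true; // fell through to the inherited <allow users="*"/>
    }

    static void Main()
    {
        var allowAdmin = new Rule { Allow = true, Roles = "Administrator" };
        var denyAnon = new[] { allowAdmin, new Rule { Allow = false, Users = "?" } };
        var denyAll = new[] { allowAdmin, new Rule { Allow = false, Users = "*" } };

        // Constructed sample requests to the Administrator folder.
        var cases = new[] {
            Tuple.Create("no ticket issued", (string)null, new string[0]),
            Tuple.Create("ticket, role Administrator", "admin@example.com", new[] { "Administrator" }),
            Tuple.Create("ticket, role Trainer", "trainer@example.com", new[] { "Trainer" }),
        };
        foreach (var c in cases)
            Console.WriteLine("{0,-28} deny ?: {1,-6} deny *: {2}", c.Item1,
                IsAllowed(denyAnon, c.Item2, c.Item3), IsAllowed(denyAll, c.Item2, c.Item3));
    }
}
```

Run as a console program, the model denies the request without a ticket under both rule sets, which is the behaviour described in the question. With deny users="?" as the last rule the authenticated Trainer falls through to the inherited allow and reaches the Administrator folder, while with deny users="*" only the Administrator is allowed.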