What is the most unobtrusive way to add a layer of security for a private beta of a website?

点点圈 submitted on 2019-12-24 03:27:37

Question


Let's say I have an ASP.NET site (MVC in this case) that uses Forms authentication and a typical membership system. The site allows both authenticated and anonymous users.

When I release the site as a private beta I want to add another layer of security on top of the application, like superuser's simple password system, for example. Once a user has passed this layer of security, I still want my forms authentication/membership system in place so beta testers can view the site as authenticated or anonymous users.

What's the most unobtrusive way to achieve this? I'm looking for the easiest solution that will require the least amount of new or modified code. E.g. I don't want to modify every controller to check for a special cookie. There must be a better way...

There's a very similar question here, but it seems the site in question (once public) will only serve anonymous requests, so it doesn't necessarily compare to my situation. This answer suggests ServerFault used some cookie system, but there are no further details about how it might have been implemented.


Answer 1:


Implement security at the server level, in IIS, and add the accounts/passwords in Active Directory on the Windows machine running the IIS server.

You won't need to change any of the code.




Answer 2:


Well, I know you don't want to modify your current controllers but here's what I did for a similar behaviour.
I've created a custom ActionFilterAttribute that I've given to every controller that needs to have that specific access check. You can have something like this:

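using System.Web;
using System.Web.Mvc;

public class CheckBetaAccess : ActionFilterAttribute {
    public override void OnActionExecuting(ActionExecutingContext filterContext) {
        bool canAccess = HasBetaAccess(filterContext.HttpContext);
        if (!canAccess) {
            filterContext.Controller.ViewData["someViewData"] = "some text";
            // Setting Result cancels the action and MVC executes the result itself,
            // so it is not executed a second time here.
            filterContext.Result = new ViewResult {
                ViewName = "the-view-anonymous-users-should-see",
                ViewData = filterContext.Controller.ViewData
            };
        }
    }

    // Placeholder, not defined in the original answer: put the beta access check here.
    // Denies by default.
    protected virtual bool HasBetaAccess(HttpContextBase context) {
        return false;
    }
}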

Then I decorated my controllers:

[CheckBetaAccess]
public class SomeController : Controller {
    //....
}
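
The access check in Answer 2's filter (`canAccess`) is left undefined, and the question mentions a "special cookie". The following is an added example, not code from either answer, of one way to back that check with a signed, expiring cookie rather than a fixed value a visitor could set by hand. `BetaGate`, the `beta_gate` cookie name and the `BetaGateKey` app setting are assumed names.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added example: BetaGate, "beta_gate" and "BetaGateKey" are assumed names.
public static class BetaGate
{
    public const string CookieName = "beta_gate";
    // Assumption: a random base64 key in configuration. A missing key throws, so the gate fails closed.
    private static readonly byte[] Key =
        Convert.FromBase64String(ConfigurationManager.AppSettings["BetaGateKey"]);

    // Call once the tester has entered the beta password.
    // Cookie value: "<expiry ticks>.<HMAC-SHA256 of the expiry ticks>"
    public static HttpCookie Issue(TimeSpan lifetime)
    {
        DateTime expiresUtc = DateTime.UtcNow.Add(lifetime);
        string ticks = expiresUtc.Ticks.ToString();
        return new HttpCookie(CookieName, ticks + "." + Sign(ticks))
        {
            HttpOnly = true,   // not readable from script
            Secure = true,     // only sent over HTTPS
            Expires = expiresUtc
        };
    }

    // True only for an unexpired cookie whose signature verifies.
    public static bool IsValid(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return false;
        string[] parts = cookie.Value.Split('.');
        long ticks;
        if (parts.Length != 2 || !long.TryParse(parts[0], out ticks)) return false;
        return SameText(Sign(parts[0]), parts[1]) && ticks > DateTime.UtcNow.Ticks;
    }

    private static string Sign(string data)
    {
        using (var hmac = new HMACSHA256(Key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }

    // Comparison that does not stop at the first differing character.
    private static bool SameText(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the filter, the check becomes `BetaGate.IsValid(filterContext.HttpContext.Request)`. If the filter is registered once for the whole site (MVC 3 and later: `GlobalFilters.Filters.Add(new CheckBetaAccess())`), the action that accepts the beta password has to be exempted from it.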


Source: https://stackoverflow.com/questions/1171897/what-is-the-most-unobtrusive-way-to-add-a-layer-of-security-for-a-private-beta-o
