问题
I have an location element in my web.config like so:
<location path="Admin">
<system.web>
<authorization>
<allow roles="Domain\Development"/>
<deny users="*" />
</authorization>
</system.web>
</location>
This works to only allow members of the development group access to this folder.
I was wondering if there is a way to simply test if a user has access to this folder?
One scenario is creating menu items. I'd simply like to hide or not render links to pages in this folder if the user does not have the proper rights.
Is there a way to do this in code. I don't want to have to hard code a check for membership in Domain\Development rather I'd like to use asp.net to tell me if this current user has access.
This would be nice if the rules get more complicated etc. Also having this in one place enforces DRY (Don't Repeat Yourself).
回答1:
Through a related question I found the answer. Call UrlAuthorizationModule.CheckUrlAccessForPrincipal. (Documentation is here.) You can give it a path and a user (such as Page.User for the current user), and it will tell you if the user can access that path.
I like this for exactly the reason you mentioned: You can put your access logic in one place.
来源:https://stackoverflow.com/questions/3026293/how-to-test-asp-net-location-folder-authorization-programmatically