Authorization Asp.net web.config

问题

I have an application that has a backoffice. This backoffice was isolated with the use of roles like this:

<location path="backoffice">
    <system.web>
        <authorization>
            <allow roles="admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

But now we have another type of role that needs access. The companyadmin role.

Can I just say?:

 <location path="backoffice">
        <system.web>
            <authorization>
                <allow roles="admin,companyadmin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>

回答1:

Yes, exactly so (assuming you properly authenticated your users, and set their roles accordingly). Check the MSDN article: http://msdn.microsoft.com/en-us/library/8d82143t(VS.71).aspx

回答2:

Yes, roles, users and verbs takes comma separated values.

MSDN Reference

回答3:

yes, you can add n roles like that.

If you prefer, you can also:

<allow roles="admin"/>
<allow roles="admin1"/>
<deny users="*"/>

来源：https://stackoverflow.com/questions/642515/authorization-asp-net-web-config

标签

ASP.NET

security

web-config

roles

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!