introduction
E-commerce systems have high requirements for security issues, traditional access control methods DAC (Discretionary Access Control, Autonomous Access Control Model), Mac (Mandatory Access Control, Forced Access Control Model) It is difficult to meet complex enterprise environmental needs. Therefore, NIST (National Institute of Standards and Technology, National Standardization and Technical Committee) proposed role-based access control methods in the 1990s, realizing logic separation of users and access rights, more in line with companies, organizations, data And application characteristics. ASP.NET is Microsoft's new generation ASP (Active Server Pages) scripting language launched by JSP, which draws on the advantages of JSP, and it has some new features.
This article will first introduce the basic situation of ASP.NET and the basic idea of RBAC (Role Based Access Control). On this basis, a specific method of implementing user rights control in an e-commerce system is given.
ASP.NET overview
1, ASP.NET
ASP.NET is the latest version of Microsoft Popular Dynamic Web Programming Technology Active Server Page (ASP), but it is far from traditional ASP simple upgrade. The biggest difference between ASP.NET and ASP is the conversion of programming thinking, ASP.NET is an object-oriented (Object-Oriented), not just functional enhancement.
In ASP.NET, the web form page consists of two parts: visual elements (HTML, server controls, and static text) and programming logic for this page. Each part is stored in a separate file. The visual element is created in an extension. The code is located in a separate class file, which is called a code hidden class file extension is .aspx.vb or .aspx.cs. This way, save all elements to display in the .aspx file, save logic in the aspx.vb or .aspx.cs file.
2, user control (UserControl)
In order to enable users to easily define controls as needed, ASP.NET introduces the concept of Web Form User Controls. In fact, as long as the .aspx is slightly modified, it can be converted to the web user control, the extension is the .ascx, .ascx, .ascx, and .aspx file, there is also a memory logic code hidden class file, extension is .ascx.vb or. Ascx.cs, just it cannot be run as a standalone web form page, only when it is included in the .aspx file, the user control can work.
Set the user control in the web form page by the following two steps:
(1) Use the @ register instruction to register the user control in the .aspx file. To register, the headerinner.ascx in the relative path "../userControl/" is:
<% @ Register tagprefix = "acme" tagname = "Head" src = "../ userControl / headinner.ascx"%>
(2) The user control element is declared between the start tag of the server control and the end tag (