ASP.NET role-based permission control

xiaoxiao2021-03-14  187

Role-based permission control in ASP.NET Forums

ASP.NET Forums handles user permissions with role-based access control, similar to Windows: you define roles, set the permissions of each role, and assign users to roles. The roles a user belongs to determine which privileges the user has and which operations the user may perform.

First, look at the database design:

forums_users table: the user table; userid is the primary key and uniquely identifies a user.
forums_roles table: the role table; roleid is the primary key and uniquely identifies a role.
forums_usersinroles table: the user-to-role mapping table; stores the roles each user belongs to.
forums_forumPermissions table: the per-section role permissions table; records which operations each role is permitted in each section.

Next, how a user's operation permissions are determined: when the user logs in, the information for all forum sections is fetched and cached. As each section's information is fetched, the current user's permission for each operation in that section (such as posting new threads, voting, attachments, etc.) is fetched as well. Each operation has three possible settings: "has permission", "no permission" and "not set"; if it is not set, the default permission for that operation applies. A user can belong to multiple roles, and each role has its own operation permissions. To determine whether the user may perform an operation, the code traverses all the roles the user belongs to; if a role has the permission, the user has the permission for that operation. For the implementation, see the source: the GetForums(ForumContext forumContext, int userID, bool ignorePermissions, bool cacheable) method in Components/Forums.cs and the PopulateForumPermissionRightFromIDataReader method in Components/Provider/ForumsDataProvider.cs.

Combining roles with web.config: ASP.NET has a feature for controlling client access to URL resources (see the QuickStart documentation). It can be configured by the HTTP method (GET or POST) used to make the request, and it can allow or deny access for users or roles. ASP.NET Forums uses this as well: the Admin directory (pages for administrator operations) and the Moderate directory (pages for moderator operations) each contain a web.config that controls client access to the URLs in that directory.

Taking the web.config under the Admin directory as an example: the configuration means that only the Global Administrators and Site Administrators roles may access the pages in this directory, and every other user is denied. Because moderators also need access to some of these pages, the following configuration can be added: with it, users who belong to Global Moderators or Site Moderators can also access the URL /admin/forumadmin.aspx. How is the role of the logged-in user set? For the implementation, see the source code in Components/Roles.cs and the article "How to Use Forms Authentication Creating GenericPrincipal Objects".
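A web.config of the kind this paragraph describes, written here as an added example; it is not the configuration from the original post or from the forum source. The role names and the forumadmin.aspx page come from the text above, and the rest is standard ASP.NET URL authorization syntax.

```xml
<?xml version="1.0"?>
<!-- Admin/web.config: added illustration, not the file shipped with the forum source -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are checked top to bottom and the first match wins,
           so the allow entry must come before the catch-all deny. -->
      <allow roles="Global Administrators,Site Administrators" />
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- Per-page rule for /admin/forumadmin.aspx; the path is relative to this file.
       The more local rule is checked first, then the directory rules above,
       so administrators keep access and everyone else still reaches the deny. -->
  <location path="forumadmin.aspx">
    <system.web>
      <authorization>
        <allow roles="Global Moderators,Site Moderators" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

These rules only take effect if the request's principal actually carries the role names, which is why the roles have to be attached to the logged-in user on each request as the Roles.cs reference above indicates.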

Attached: CNForums Source Code Download

When reposting, please cite the original address: https://www.9cbs.com/read-129381.html