ASP.NET system user permission design and implementation

xiaoxiao2021-03-06  47

Summary: Based on the basic idea of RBAC and using the user control technology in ASP.NET, this article designs a specific method of implementing user permission control in an e-commerce system.

Keywords: ASP.NET; role access control; user control

Introduction

E-commerce systems place high demands on security, and the traditional access control methods DAC (Discretionary Access Control) and MAC (Mandatory Access Control) have difficulty meeting the needs of complex enterprise environments. NIST (National Institute of Standards and Technology) therefore proposed role-based access control in the 1990s. It logically separates users from access rights and better matches the characteristics of companies, organizations, data and applications. ASP.NET is Microsoft's new generation of ASP (Active Server Pages) technology; it draws on the advantages of JSP and adds some new features of its own. This article first introduces ASP.NET and the basic idea of RBAC (Role-Based Access Control), and on that basis gives a specific method of implementing user permission control in an e-commerce system.

ASP.NET Overview

1. ASP.NET

ASP.NET is the latest version of Microsoft's popular dynamic web programming technology, Active Server Pages (ASP), but it is far more than a simple upgrade of traditional ASP. The biggest difference between ASP.NET and ASP is a change in programming model: ASP.NET is object-oriented, not just a functional enhancement. In ASP.NET, a web form page consists of two parts: the visual elements (HTML, server controls and static text) and the programming logic for the page. Each part is stored in a separate file. The visual elements are created in a file with the .aspx extension. The code is located in a separate class file, called the code-behind class file, with the extension .aspx.vb or .aspx.cs. In this way, everything to be displayed is saved in the .aspx file, and the logic is saved in the .aspx.vb or .aspx.cs file.

2. User Control (UserControl)

To let developers easily define controls as needed, ASP.NET introduces the concept of Web Forms user controls. An .aspx file can be converted into a web user control with only slight modification. The extension of a user control is .ascx and, like an .aspx file, an .ascx file has a code-behind class file that holds its logic, with the extension .ascx.vb or .ascx.cs. The difference is that a user control cannot run as a standalone web form page; it works only when it is included in an .aspx file. A user control is set up in a web form page in two steps:

(1) Use the @ Register directive to register the user control in the .aspx file. For example, to register headinner.ascx, which is located in the relative path "../UserControl/":

    <%@ Register TagPrefix="acme" TagName="Head" Src="../UserControl/Headinner.ascx" %>

(2) Declare the user control element between the start tag and the end tag of the server control.

For example, the syntax for declaring the control imported above is:

This control is part of the page and is rendered when the page is processed. The control's public properties, events and methods are also exposed to the web form page and can be used programmatically. Following this principle, the operations that must be executed on every page (such as login verification and role verification) can be encapsulated in a user control.

Basic idea of RBAC

The basic idea of RBAC (role access control) can be expressed simply by Figure 1: the whole access control process is divided into two steps. Access rights are associated with roles, and roles are associated with users, which achieves the logical separation of users from access rights. Because RBAC separates users from access rights, it greatly simplifies rights management. For example, if a user's position changes, it is enough to remove the user's current role and add the role that represents the new position or task. Role/permission relationships change much more slowly than role/user relationships. Assigning users to roles requires little technical skill and can be done by administrative staff, whereas configuring permissions for roles is more complicated and requires some technical skill; it can be handled by specialized technicians, who are not given the authority to assign users. This matches the situation in real organizations.

Design and implementation of user permissions in .NET

The basic idea of implementing permission control in .NET is as follows: assign roles to users according to the basic principle of role access control (RBAC), with each role corresponding to some permissions, and then use a user control (UserControl) in ASP.NET to determine whether the user's role has permission to access the requested page. The implementation is described below in three parts: database design, adding a role, and using the user control.

1. Database design

First, design three tables in the database: the function module table, the function table and the role table.

(1) Function module table. To manage user permissions, first organize the system into modules and design a function module table for this purpose. See Table 1.

(2) Function table. The operations contained in each function module are called functions. For example, the product management module Goods (a category of function module) contains five functions: product information query, product information update, product information delete, product pricing information query and product pricing information update. The design of the function table is shown in Table 2. The example above can be inserted into the function module table and the function table as the following records:

    INSERT INTO TModule VALUES (0, 'Product Management Module', 'Goods', 5);
    INSERT INTO TFunction VALUES (0, 'Product Information Query', 'Selectgoods', 0);
    INSERT INTO TFunction VALUES (1, 'Product Information Update', 'updategoods', 0);
    INSERT INTO TFunction VALUES (2, 'Product Information Delete', 'deletegoods', 0);
    INSERT INTO TFunction VALUES (3, 'Product Pricing Information Query', 'SelectGoodsprice', 0);
    INSERT INTO TFunction VALUES (4, 'Product Pricing Information Update', 'UpdateGoodSprice', 0);

(3) Role table. The key to the design of the role table is the definition of the role value, which is a binary-like string consisting of 0s and 1s. The FuncNo field in the function table gives a position in the role value field of the role table. If the value at that position is 0, the role does not have that permission; if the value is 1, the role has it. For example, suppose the role value of the ordinary member role is 100100...00 (100 bits in total). As shown above, the function number of product information query is 0, and bit 0 of the role value 100100...00 is 1, so the ordinary member role has the product information query function. In contrast, bit 1 of the role value is 0, and the function with function number 1 is product information update, so the ordinary member role does not have permission to update product information. Their relationship can be represented by Figure 2.

2. Adding a role

With the tables above in place, the function modules shown on the add-role page and their corresponding functions can be read from the function module table and the function table, as shown in Figure 3. When a new role such as ordinary member is inserted into the database, first set all bits of the role value to 0, then use the Replace function in the .NET Framework class library to change the bits of the role value that correspond to the checked functions to 1.

For example, if the newly added role is ordinary member and its available functions are product information query (function number 0) and product pricing information query (function number 3), the role value should be 1001000...00 (100 bits); that is, bits 0 and 3 of the role value are 1 and the rest are 0.

3. Using the user control to implement access control

After defining the user control's .ascx file (head.ascx) and .ascx.cs file (head.ascx.cs), the next step is to register and declare it in the .aspx file.

(1) Registration

(2) Declaration

Following the practice described earlier, the declaration of the .ascx file in the .aspx file can be divided into several cases:

The first case:

The second case:

The third case:

The Flag field is the flag that controls how the permission check is performed, and FuncName refers to the function name in the function table.
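The role-value scheme described above, as an added C# example that is not code from the original article: it builds the 100-position role value for a new role and checks a function by its FuncNo. The class name, method names and in-memory function table are assumptions for illustration; positions are set through a StringBuilder indexer rather than the Replace function the article mentions, and any unknown function or malformed role value is denied.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Hypothetical helper, not from the article: a role value is a string of
// '0'/'1' where position FuncNo holds the permission bit for that function.
public static class RoleValue
{
    public const int Length = 100; // the article uses 100-position role values

    // Constructed stand-in for the TFunction table: function name -> FuncNo.
    static readonly Dictionary<string, int> FuncNo =
        new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase)
    {
        { "Selectgoods", 0 }, { "updategoods", 1 }, { "deletegoods", 2 },
        { "SelectGoodsprice", 3 }, { "UpdateGoodSprice", 4 }
    };

    // Start from all zeros, then set one position per checked function.
    // string.Replace(char, char) changes every matching character, so each
    // position is written through the StringBuilder indexer instead.
    public static string Build(IEnumerable<int> grantedFuncNos)
    {
        var sb = new StringBuilder(new string('0', Length));
        foreach (int n in grantedFuncNos)
        {
            if (n < 0 || n >= Length)
                throw new ArgumentOutOfRangeException(nameof(grantedFuncNos));
            sb[n] = '1';
        }
        return sb.ToString();
    }

    // Fail closed: unknown function, wrong length or stray characters => deny.
    public static bool Has(string roleValue, string funcName)
    {
        if (roleValue == null || roleValue.Length != Length) return false;
        foreach (char c in roleValue)
            if (c != '0' && c != '1') return false;
        int n;
        return funcName != null && FuncNo.TryGetValue(funcName, out n) && roleValue[n] == '1';
    }

    public static void Main()
    {
        string member = Build(new[] { 0, 3 }); // ordinary member: the two query functions
        Console.WriteLine(Has(member, "Selectgoods"));
        Console.WriteLine(Has(member, "updategoods"));
    }
}
```

In a page's code-behind, a check like Has would run on the server before any protected content is rendered, with the role value loaded from the role table for the logged-in user.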
