日期:2014-05-18 浏览次数:20409 次
<system.web> <authorization> <deny users="?"/> </authorization> </system.web> <location path="userManage.aspx"> <system.web> <authorization> <allow roles="admin"/> <deny users="*"/> </authorization> </system.web> </location>
void Application_AuthenticateRequest(object sender, EventArgs e) { HttpContext ctx = (sender as HttpApplication).Context; if (ctx.Request.IsAuthenticated == true) //验证过的用户才进行role的处理 { FormsIdentity Id = (FormsIdentity)ctx.User.Identity; FormsAuthenticationTicket Ticket = Id.Ticket; //取得身份验证票 string[] Roles = Ticket.UserData.Split(','); //将身份验证票中的role数据转成字符串数组 ctx.User = new System.Security.Principal.GenericPrincipal(Id, Roles); //将原有的Identity加上角色信息新建一个GenericPrincipal表示当前用户,这样当前用户就拥有了role信息 } }