.net 中已经为我们提供了系统角色与权限的操作,只不过实现的方案不是很详尽,所以我们对它稍加修改则可以实现我们所需要的方案。Context.User中保存的信息就是相关的角色与权限信息。Context.User类型为System.Security.Principal.IPrincipal;Context.User.Identity为System.Security.Principal.IIdentity,因此只要我们实现上述的两个接口,便可实现我们所需的方案。
首先定义类SitePrincipal代码如下:
Imports System
Imports System.Web
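''' ------------------------------------------------------
''' Project : Accounts.Business
''' Class   : WebModules.Accounts.Business.SitePrincipal
''' ------------------------------------------------------
''' <summary>
''' Site principal: implements System.Security.Principal.IPrincipal and holds the role
''' list and the effective permission list that Data.User returns for one user.
''' </summary>
''' <remarks>
''' Neither public constructor checks a credential: each one loads roles and permissions
''' for whatever user ID or login account it is given. Construct an instance only from an
''' identity that has already been authenticated (ValidateLogin below, or the name taken
''' from the forms-authentication ticket).
''' </remarks>
''' <history>
''' [Mrhjw] 2005-3-14 Created
''' </history>
Public Class SitePrincipal
    Implements System.Security.Principal.IPrincipal

#Region "Private fields"
    Private _Identity As System.Security.Principal.IIdentity
    Private _PermissionList As ArrayList
    Private _RoleList As ArrayList
#End Region

#Region "Constructors"
    ''' <summary>
    ''' Builds the principal for a user ID.
    ''' </summary>
    ''' <param name="UserID">User ID.</param>
    Public Sub New(ByVal UserID As Integer)
        Dim User As New Data.User
        Me._Identity = New Business.SiteIdentity(UserID)
        Me._RoleList = OrEmpty(User.GetUserRoles(UserID))
        Me._PermissionList = OrEmpty(User.GetEffectivePermissionList(UserID))
    End Sub

    ''' <summary>
    ''' Builds the principal for a login account.
    ''' </summary>
    ''' <param name="EmailAddress">Login account.</param>
    Public Sub New(ByVal EmailAddress As String)
        Dim User As New Data.User
        Me._Identity = New Business.SiteIdentity(EmailAddress)
        ' The user ID is read back from the identity that was just built, so roles and
        ' permissions are only as correct as the ID SiteIdentity resolved for this account.
        Dim resolvedID As Integer = CType(Me._Identity, SiteIdentity).UserID
        Me._RoleList = OrEmpty(User.GetUserRoles(resolvedID))
        Me._PermissionList = OrEmpty(User.GetEffectivePermissionList(resolvedID))
    End Sub

    ' Replaces a missing list with an empty one, so that IsInRole and HasPermission answer
    ' False (deny) instead of throwing when the data layer returns Nothing.
    Private Shared Function OrEmpty(ByVal list As ArrayList) As ArrayList
        If list Is Nothing Then
            Return New ArrayList
        End If
        Return list
    End Function
#End Region

#Region "System.Security.Principal.IPrincipal members"
    ''' <summary>
    ''' IPrincipal.Identity: the identity this principal was built for.
    ''' </summary>
    Public ReadOnly Property Identity() As System.Security.Principal.IIdentity Implements System.Security.Principal.IPrincipal.Identity
        Get
            Return Me._Identity
        End Get
    End Property

    ''' <summary>
    ''' IPrincipal.IsInRole: True when the role list contains the given role name.
    ''' </summary>
    ''' <param name="Role">Role name.</param>
    ''' <returns>True if the user holds the role, otherwise False.</returns>
    Public Function IsInRole(ByVal Role As String) As Boolean Implements System.Security.Principal.IPrincipal.IsInRole
        ' ArrayList.Contains compares with Equals, so for String entries the match is
        ' exact and case-sensitive.
        Return Me._RoleList.Contains(Role)
    End Function
#End Region

#Region "Additional properties"
    ''' <summary>
    ''' True when the effective permission list contains the given permission ID.
    ''' </summary>
    ''' <param name="PermissionID">Permission ID.</param>
    Public ReadOnly Property HasPermission(ByVal PermissionID As Integer) As Boolean
        Get
            ' NOTE(review): assumes the list elements are boxed Integer values. A boxed
            ' value of another numeric type never equals a boxed Integer, so the check
            ' would always deny; confirm against Data.User.GetEffectivePermissionList.
            Return Me._PermissionList.Contains(PermissionID)
        End Get
    End Property

    ''' <summary>
    ''' The role list, as a read-only view.
    ''' </summary>
    ''' <remarks>
    ''' The wrapper stops a caller from adding a role to the list IsInRole consults;
    ''' an attempt to modify it raises NotSupportedException.
    ''' </remarks>
    Public ReadOnly Property Roles() As ArrayList
        Get
            Return ArrayList.ReadOnly(Me._RoleList)
        End Get
    End Property

    ''' <summary>
    ''' The effective permission list, as a read-only view.
    ''' </summary>
    ''' <remarks>
    ''' The wrapper stops a caller from adding a permission to the list HasPermission
    ''' consults; an attempt to modify it raises NotSupportedException.
    ''' </remarks>
    Public ReadOnly Property Permissions() As ArrayList
        Get
            Return ArrayList.ReadOnly(Me._PermissionList)
        End Get
    End Property
#End Region

#Region "Additional methods"
    ''' <summary>
    ''' Validates a login. Returns a SitePrincipal on success and Nothing on failure.
    ''' </summary>
    ''' <param name="EmailAddress">Login account.</param>
    ''' <param name="Password">Login password.</param>
    ''' <returns>The principal for the account, or Nothing when validation fails.</returns>
    Public Shared Function ValidateLogin(ByVal EmailAddress As String, ByVal Password As String) As Business.SitePrincipal
        ' Missing or empty credentials never authenticate.
        If EmailAddress Is Nothing OrElse EmailAddress.Length = 0 Then
            Return Nothing
        End If
        If Password Is Nothing OrElse Password.Length = 0 Then
            Return Nothing
        End If

        ' The original declared User without New; the other members of this class
        ' create the instance, and an instance call on Nothing would throw.
        Dim User As New Data.User
        Dim newID As Integer = User.ValidataLogin(EmailAddress, Password)

        ' Only a positive ID is treated as a successful validation.
        If newID > 0 Then
            Return New SitePrincipal(EmailAddress)
        End If
        Return Nothing
    End Function
#End Region
End Class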
接着定义类SiteIdentity,代码如下:
Imports System
Imports System.Web
Imports Mrhjw.Components
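''' -------------------------------------------------------
''' Project : Accounts.Business
''' Class   : WebModules.Accounts.Business.SiteIdentity
''' -------------------------------------------------------
''' <summary>
''' Site identity: implements System.Security.Principal.IIdentity for this site's
''' permission management.
''' </summary>
''' <remarks>
''' IsAuthenticated is hard-coded to True, so every instance claims to be authenticated.
''' The constructors check no credential; create an instance only for a user who has
''' already been validated.
''' </remarks>
''' <history>
''' [Mrhjw] 2005-3-14 Created
''' </history>
Public Class SiteIdentity
    Implements System.Security.Principal.IIdentity

#Region "Private fields"
    Private _UserName As String       ' user name
    Private _EmailAddress As String   ' login account
    ' NOTE(review): nothing in this listing assigns or needs the password after login;
    ' an identity attached to Context.User is better off not carrying it at all.
    Private _PassWord As String       ' password
    Private _UserID As Integer        ' user ID
    ' The original comment says the default theme is 'default', but the field is
    ' initialised to an empty string.
    Private _Theme As String = String.Empty
#End Region

#Region "Constructors"
    ''' <summary>
    ''' Builds the identity for a login account.
    ''' </summary>
    ''' <param name="EmailAddress">Login account.</param>
    ''' <exception cref="System.ArgumentException">No record came back for the account.</exception>
    Public Sub New(ByVal EmailAddress As String)
        Dim User As New Data.User
        Dim Dr As DataRow
        Dr = User.Retrieve(EmailAddress)

        ' An identity that always reports IsAuthenticated = True must not exist for an
        ' account with no record behind it.
        ' NOTE(review): assumes Retrieve signals "not found" with Nothing; confirm.
        If Dr Is Nothing Then
            Throw New ArgumentException("No user record found for the given login account.", "EmailAddress")
        End If

        Me._EmailAddress = EmailAddress
        ' TODO (left unfinished in the article): copy the user name, user ID and theme
        ' from Dr. Until that is done UserID stays 0, and SitePrincipal reads UserID from
        ' this object to load roles and permissions.

        ' NOTE(review): if AppGlobals.Skin is application-wide rather than per-request
        ' state, concurrent users overwrite each other's value; confirm.
        AppGlobals.Skin = Me._Theme
    End Sub

    ''' <summary>
    ''' Builds the identity for a user ID.
    ''' </summary>
    ''' <param name="UserID">User ID.</param>
    ''' <exception cref="System.ArgumentException">No record came back for the ID.</exception>
    Public Sub New(ByVal UserID As Integer)
        Dim User As New Data.User
        Dim Dr As DataRow
        Dr = User.Retrieve(UserID)

        ' Same rule as the account constructor: no record, no identity.
        ' NOTE(review): assumes Retrieve signals "not found" with Nothing; confirm.
        If Dr Is Nothing Then
            Throw New ArgumentException("No user record found for the given user ID.", "UserID")
        End If

        Me._UserID = UserID
        ' TODO (left unfinished in the article): copy the user name, login account and
        ' theme from Dr.

        ' NOTE(review): see the account constructor about the scope of AppGlobals.Skin.
        AppGlobals.Skin = Me._Theme
    End Sub
#End Region

#Region "System.Security.Principal.IIdentity members"
    ''' <summary>
    ''' IIdentity.AuthenticationType: a fixed label for this custom scheme.
    ''' </summary>
    Public ReadOnly Property AuthenticationType() As String Implements System.Security.Principal.IIdentity.AuthenticationType
        Get
            Return "custom AuthenticationType"
        End Get
    End Property

    ''' <summary>
    ''' IIdentity.IsAuthenticated: always True, on the premise that this class is only
    ''' used after the user has passed validation.
    ''' </summary>
    Public ReadOnly Property IsAuthenticated() As Boolean Implements System.Security.Principal.IIdentity.IsAuthenticated
        Get
            ' The value is a promise made by the caller, not something this class checks.
            Return True
        End Get
    End Property

    ''' <summary>
    ''' IIdentity.Name: the user name.
    ''' </summary>
    Public ReadOnly Property Name() As String Implements System.Security.Principal.IIdentity.Name
        Get
            Return Me._UserName
        End Get
    End Property
#End Region

#Region "Additional properties"
    ''' <summary>
    ''' The login account (e-mail address).
    ''' </summary>
    Public ReadOnly Property EmailAddress() As String
        Get
            Return Me._EmailAddress
        End Get
    End Property

    ''' <summary>
    ''' The password held by this identity.
    ''' </summary>
    ''' <remarks>
    ''' NOTE(review): any code that can reach Context.User can read this value. Nothing
    ''' shown in the article reads it; prefer leaving the field unpopulated.
    ''' </remarks>
    Public ReadOnly Property PassWord() As String
        Get
            Return Me._PassWord
        End Get
    End Property

    ''' <summary>
    ''' The user ID.
    ''' </summary>
    Public ReadOnly Property UserID() As Integer
        Get
            Return Me._UserID
        End Get
    End Property

    ''' <summary>
    ''' The user's theme.
    ''' </summary>
    Public ReadOnly Property Theme() As String
        Get
            Return Me._Theme
        End Get
    End Property
#End Region
End Class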
然后我们定义一个页面基类,让所有的页面都继承它
AppPage.vb代码如下:
Imports System
Imports System.Web
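Namespace Components.Web
    ''' -------------------------------------------------
    ''' Project : SimpleDemo
    ''' Class   : Components.Web.AppPage
    ''' -------------------------------------------------
    ''' <summary>
    ''' Base class for every page of the site; all pages inherit from it directly or
    ''' indirectly. It extends System.Web.UI.Page, so page-wide behaviour is added here.
    ''' </summary>
    ''' <history>
    ''' [Mrhjw] 2005-3-11 Created
    ''' </history>
    Public Class AppPage
        Inherits System.Web.UI.Page

        ''' <summary>
        ''' Replaces the request's principal with a SitePrincipal for authenticated users,
        ''' then runs the base Init processing.
        ''' </summary>
        ''' <param name="e">Event data passed on to the base class.</param>
        Protected Overrides Sub OnInit(ByVal e As System.EventArgs)
            ' Context.User is checked for Nothing so that an unauthenticated pipeline
            ' does not fail here.
            If Not context.User Is Nothing AndAlso context.User.Identity.IsAuthenticated = True Then
                If Not (TypeOf context.User Is WebModules.Accounts.Business.SitePrincipal) Then
                    ' The name comes from the authenticated identity of the request. Roles
                    ' and permissions are reloaded from it, so they are as current as the
                    ' data layer returns them.
                    Dim newUser As New WebModules.Accounts.Business.SitePrincipal(context.User.Identity.Name)
                    context.User = newUser
                End If
            End If

            ' Error handler registration, left disabled in the article:
            'AddHandler Page.Error, AddressOf Me.PhilePage_Error

            ' The original override never called the base method, so the Init event was
            ' not raised for the page. It is called last so that Init handlers already see
            ' the SitePrincipal.
            MyBase.OnInit(e)
        End Sub

#Region "Error handling"
        ''' <summary>
        ''' Page error handler: logs errors that are not AppException, shows the message
        ''' and clears the error.
        ''' </summary>
        ''' <param name="sender">Event source.</param>
        ''' <param name="e">Event data.</param>
        Protected Sub PhilePage_Error(ByVal sender As Object, ByVal e As EventArgs)
            Dim currentError As Exception = Page.Server.GetLastError()

            ' GetLastError returns Nothing when no error is pending.
            If currentError Is Nothing Then
                Return
            End If

            If Not (TypeOf currentError Is AppException.AppException) Then
                ' NOTE(review): only the message is logged; the exception type and stack
                ' trace are lost, which limits later investigation.
                Mrhjw.AppException.AppException.LogError(currentError.Message.ToString)
            End If
            ShowError(currentError)
            Page.Server.ClearError()
        End Sub

        ''' <summary>
        ''' Writes the error message to the response as a centred, red text block.
        ''' </summary>
        ''' <param name="currentError">The error to display; Nothing is ignored.</param>
        Protected Sub ShowError(ByVal currentError As Exception)
            If currentError Is Nothing Then
                Return
            End If

            Dim context As HttpContext = HttpContext.Current
            ' An exception message can contain request data, so it is HTML-encoded before
            ' it is written into the page.
            ' NOTE(review): messages of unexpected exceptions can still reveal internal
            ' detail to the visitor; consider a fixed text for non-AppException errors.
            Dim safeMessage As String = HttpUtility.HtmlEncode(currentError.Message.Trim)
            context.Response.Write("<table width=100% height=100% border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=middle><font size=2 color=red>" & safeMessage & "</font></td></tr></table>")
        End Sub
#End Region
    End Class
End Namespace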
登录调用:Login.aspx.vb
' Login click handler: validates the submitted account and password. On success it
' attaches the SitePrincipal to the request, issues the forms-authentication cookie and
' redirects to the default page; on failure it shows an alert.
Private Sub link_log_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles link_log.Click
    Dim account As String = textuser.Text.Trim
    ' NOTE(review): the password is trimmed too, so leading and trailing whitespace is
    ' never part of the credential; confirm that registration trims the same way.
    Dim newUser As SitePrincipal = SitePrincipal.ValidateLogin(account, txtpass.Text.Trim)

    If Not newUser Is Nothing Then
        context.User = newUser
        ' False: a session cookie, not a persistent one.
        FormsAuthentication.SetAuthCookie(account, False)
        ' Fixed target, not taken from the request.
        Response.Redirect("default.aspx")
    Else
        ' NOTE(review): Alert is not shown in the article. The message contains the
        ' submitted account text, so the helper has to encode it for the context it
        ' writes into; confirm.
        Alert(account & "帐号登录失败!,请重试!", Page)
    End If
End Sub
权限管理运用:
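' Example page that uses the permission check. The article shows only these two members;
' the remaining members and the closing End Class are not part of the listing.
Public Class AuditingOrder
    Inherits AppPage

    ' Runs AppPage.OnInit, which installs the SitePrincipal on Context.User.
    Protected Overrides Sub OnInit(ByVal e As EventArgs)
        MyBase.OnInit(e)
    End Sub

    ' Authorises the request, then binds the page on the first (non-postback) load.
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        ' The permission check runs on every request. In the original it sat inside
        ' "If Not IsPostBack", so a postback reached the page's event handlers without
        ' any check.
        Dim principal As accounts.business.SitePrincipal = Nothing
        If TypeOf context.User Is accounts.business.SitePrincipal Then
            principal = CType(context.User, accounts.business.SitePrincipal)
        End If

        ' A request without a SitePrincipal (for example an anonymous one) is denied
        ' instead of failing on the cast.
        ' BusinessPermissions is not shown in the article; the value is used as given.
        If principal Is Nothing OrElse Not principal.HasPermission(CInt(accounts.BusinessPermissions.ManagerOrder)) Then
            Response.Redirect("../webpage/limit.aspx")
            Return
        End If

        If Not IsPostBack Then
            ' Bind the drop-down list.
            BindActiveList()
            over.Text = DateAdd(DateInterval.Day, 1, Now()).ToString("d")
            start.Text = DateAdd(DateInterval.Month, -1, Now()).ToString("d")
            ' Load the orders that need processing.
            BindMustOrderList()
        End If
    End Sub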
最后附上数据库图表:
用户角色表(Accounts_UserRoles)
角色表(Accounts_Roles)
角色许可表(Accounts_RolePermissions)
具体许可表(Accounts_Permissions)
许可类目表(Accounts_PermissionCategories)[此表可有可无,只是为了Accounts_Permissions表的条理清晰而设的]
还要定义枚举对象
' Permission IDs for the accounts module. Per the article, each value has to match a
' record in the Accounts_Permissions table. The value 103 is not used in this listing.
Public Enum AccountsPermissions
    ' Create new accounts
    CreateNewusers = 100
    ' Delete accounts
    Deleteusers = 101
    ' Manage roles
    ManagerRoles = 102
    ' Manage users
    ManagerUsers = 104
    ' Manage departments
    ManagerDepartment = 105
End Enum
(一定要注意要与数据库的记录相对应,也就是Accounts_Permissions表)