
对服务器控件应用安全性


2008年1月8日

CPOL


您可能需要根据登录的用户授予访问权限或隐藏控件。本文将帮助您编写自定义代码,以显示/隐藏或启用/禁用控件。

引言

访问级别分为页面级别、控件级别和链接级别。我们需要一种通用的方法,以便在实现时,开发人员可以轻松地将其复制到整个项目中。

使用的技术:asp.net 1.1,C#,IIS6.0,Visual Studio 2003

背景

在一个.Net项目中,客户需要根据角色和用户控制访问权限。访问级别分为页面级别、控件级别和链接级别。我们需要一种通用的方法,以便在实现时,开发人员可以轻松地将其复制到整个项目中。我修改了代码,使其简单易懂且易于实现。您可以按以下方式使用该代码。

  1. 模块级别访问控制:登录的用户是否应被允许访问该模块
  2. 页面级别访问控制:如果用户有权限,则允许/拒绝访问网页
  3. 功能级别访问控制:在一个网页中,您可能有很多功能,但您想授予特定用户组访问权限
  4. 隐藏/禁用服务器控件,如按钮、链接按钮、超链接、文本框、下拉列表等。这只改变页面的呈现,控件背后的服务器端事件处理程序仍应再次检查权限。
  5. 禁用/隐藏DataGrid、DataList、Repeater控件中的控件
  6. 用户可以属于管理员、操作员、销售代表、销售代表管理员等组。
  7. 此外,属于某个组的用户会继承该组的权限;如果需要,也可以进一步微调该组的权限。

使用代码

// Page_Load: apply the per-control access rules the first time the page is requested.
// NOTE(review): this only changes how controls are rendered. Disabling or hiding a
// control is not an authorization check, so every server-side event handler behind a
// restricted control should verify the caller's right again before doing the work.
private void Page_Load(object sender, System.EventArgs e)
{
    // Postbacks skip the call; presumably the state set on the first request is
    // carried forward by view state -- confirm for pages that switch view state off.
    if (IsPostBack)
    {
        return;
    }

    ConfigureAccessRightControls();
}


/// <summary>
/// Pairs each restricted control on this page with its feature access code and hands
/// the list to AccessRight.ConfigureAccess, which decides per control whether to
/// leave it alone or disable it.
/// </summary>
private void ConfigureAccessRightControls()
{
    ControlAccessPairCollection pairs = new ControlAccessPairCollection();

    // Buttons
    pairs.Add(ControlAccessPair.Add(btn1, 1));
    pairs.Add(ControlAccessPair.Add(btn2, 2));
    pairs.Add(ControlAccessPair.Add(btn3, 3));

    // Hyperlinks
    pairs.Add(ControlAccessPair.Add(hlink1, 4));
    pairs.Add(ControlAccessPair.Add(hlink3, 6));

    // Drop-down lists
    pairs.Add(ControlAccessPair.Add(ddl1, 7));
    pairs.Add(ControlAccessPair.Add(ddl3, 9));

    AccessRight rights = new AccessRight();
    rights.ConfigureAccess(ref pairs);
}
  

/// <summary>
/// Page-level gate: when the current user lacks feature code 4 the request is
/// transferred to the access-denied page; otherwise the method simply returns.
/// </summary>
/// <remarks>
/// NOTE(review): the Page_Load sample that accompanies this method does not call it.
/// It only protects the page if it runs before any other page logic, for example as
/// the first statement of Page_Load, and on postbacks as well as on the first request.
/// </remarks>
private void CheckPageAccess()
{
    bool allowed = AccessRight.GetAccessRight("Feature", 4);
    if (allowed)
    {
        return;
    }

    Server.Transfer("../AccessRights/AccessDenied.aspx");
}


/// <summary>
/// PreRender handler for dgCustomer. The row controls exist only after the grid has
/// been bound, so the per-row access rules are applied here.
/// </summary>
/// <param name="sender">Source of the event.</param>
/// <param name="e">Event data (not used).</param>
private void dgCustomer_PreRender(object sender, EventArgs e)
{
    // Controls inside a row are registered by ID and looked up in every grid row.
    ControlAccessPairCollection rowControls = new ControlAccessPairCollection();
    rowControls.Add(ControlAccessPair.Add("hypPreferred", 1));
    //rowControls.Add(ControlAccessPair.Add("hypList", 2));
    rowControls.Add(ControlAccessPair.Add("hypCopy", 0));

    AccessRight rights = new AccessRight();
    rights.ConfigureAccess(ref dgCustomer, rowControls);
}


 
#region AccessRight class

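/// <summary>
/// Disables server controls that the current user is not allowed to use.
/// </summary>
/// <remarks>
/// Every decision comes from <see cref="GetAccessRight"/>, which forwards to ManageCache.
/// Disabling a control only changes what is rendered to the browser; it is a usability
/// aid, not an authorization boundary. The handler behind a restricted control should
/// call GetAccessRight itself before doing the work.
/// </remarks>
public class AccessRight
{
    #region AccessRight : Constructor

    public AccessRight()
    {
    }

    #endregion

    #region Controls Access Rights

    /// <summary>
    /// Applies the access rule of every pair to the control instance stored in it.
    /// </summary>
    /// <param name="collection">Pairs of (control instance, feature access code).</param>
    public void ConfigureAccess(ref ControlAccessPairCollection collection)
    {
        for (int i = 0; i < collection.Count; i++)
        {
            ControlAccessPair pair = collection.Item(i);
            object target = pair.GetControl;
            ConfigureControlAccess(ref target, "Feature", pair.GetCode);
        }
    }

    #endregion

    #region Grid Access Rights

    /// <summary>
    /// Applies the rules to the named child controls of every DataGrid row.
    /// </summary>
    /// <param name="dgGrid">A grid that has already been data-bound.</param>
    /// <param name="collection">Pairs of (child control ID as string, feature access code).</param>
    public void ConfigureAccess(ref DataGrid dgGrid, ControlAccessPairCollection collection)
    {
        foreach (DataGridItem row in dgGrid.Items)
        {
            ApplyToContainer(row, collection);
        }
    }

    #endregion

    #region DataList Access Rights

    /// <summary>
    /// Applies the rules to the named child controls of every DataList item.
    /// </summary>
    /// <param name="dList">A list that has already been data-bound.</param>
    /// <param name="collection">Pairs of (child control ID as string, feature access code).</param>
    public void ConfigureAccess(ref DataList dList, ControlAccessPairCollection collection)
    {
        foreach (DataListItem item in dList.Items)
        {
            ApplyToContainer(item, collection);
        }
    }

    #endregion

    #region Repeater Access Rights

    /// <summary>
    /// Applies the rules to the named child controls of every Repeater item.
    /// </summary>
    /// <param name="repeater">A repeater that has already been data-bound.</param>
    /// <param name="collection">Pairs of (child control ID as string, feature access code).</param>
    public void ConfigureAccess(ref Repeater repeater, ControlAccessPairCollection collection)
    {
        foreach (RepeaterItem item in repeater.Items)
        {
            ApplyToContainer(item, collection);
        }
    }

    #endregion

    #region ConfigureAccess - Given the Cell Numbers

    /// <summary>
    /// Applies the rules to controls that live in one particular cell of each grid row.
    /// </summary>
    /// <param name="dgGrid">A grid that has already been data-bound.</param>
    /// <param name="iGridCellCode">Zero-based index of the cell inside each row.</param>
    /// <param name="collection">Pairs of (child control ID as string, feature access code).</param>
    public void ConfigureAccess(ref DataGrid dgGrid, int iGridCellCode, ControlAccessPairCollection collection)
    {
        for (int rowIndex = 0; rowIndex < dgGrid.Items.Count; rowIndex++)
        {
            TableCell cell = dgGrid.Items[rowIndex].Cells[iGridCellCode];

            for (int i = 0; i < collection.Count; i++)
            {
                ControlAccessPair pair = collection.Item(i);
                string cellControlId = (string)pair.GetControl;

                // Cells without child controls are skipped.
                if (cell.HasControls())
                {
                    object found = cell.FindControl(cellControlId);
                    ConfigureControlAccess(ref found, "Feature", pair.GetCode);
                }
            }
        }
    }

    #endregion

    #region ConfigureControlAccess

    /// <summary>
    /// Looks up each pair's control ID inside <paramref name="container"/> and applies
    /// the pair's access rule to whatever FindControl returns.
    /// </summary>
    private void ApplyToContainer(System.Web.UI.Control container, ControlAccessPairCollection collection)
    {
        for (int i = 0; i < collection.Count; i++)
        {
            ControlAccessPair pair = collection.Item(i);
            object found = container.FindControl((string)pair.GetControl);
            ConfigureControlAccess(ref found, "Feature", pair.GetCode);
        }
    }

    /// <summary>
    /// Leaves the control untouched when access is granted and disables it otherwise.
    /// </summary>
    /// <param name="webControl">The control to restrict.</param>
    /// <param name="AccessType">Access category passed through to GetAccessRight.</param>
    /// <param name="iAccessCode">Feature access code passed through to GetAccessRight.</param>
    /// <exception cref="NullReferenceException">
    /// Access is denied and <paramref name="webControl"/> is null, e.g. because a
    /// registered control ID was not found. The exception type is kept from the
    /// original implementation so existing callers see the same failure.
    /// </exception>
    private void ConfigureControlAccess(ref object webControl, string AccessType, int iAccessCode)
    {
        if (GetAccessRight(AccessType, iAccessCode))
        {
            return;
        }

        // A denied rule that cannot find its control is a configuration error; failing
        // loudly is safer than silently rendering the page with the control enabled.
        if (webControl == null)
        {
            throw new NullReferenceException("Not a valid cell type or control type.");
        }

        // Test the base types instead of comparing exact type names: a name comparison
        // skips subclasses and unlisted controls and leaves them enabled.
        WebControl serverControl = webControl as WebControl;
        if (serverControl != null)
        {
            serverControl.Enabled = false;
            return;
        }

        HtmlControl htmlControl = webControl as HtmlControl;
        if (htmlControl != null)
        {
            // The original assigned Disabled = enabled for HtmlAnchor, which is always
            // false on this path, so a denied anchor stayed active.
            htmlControl.Disabled = true;
            if (htmlControl is HtmlAnchor)
            {
                htmlControl.Style.Add("cursor", "default");
            }
            return;
        }

        // NOTE(review): objects that are neither WebControl nor HtmlControl are left
        // untouched, as in the original default branch.
    }

    #endregion

    #region GetAccessRight

    /// <summary>
    /// Returns the access decision that ManageCache gives for the type and code.
    /// </summary>
    /// <param name="AccessType">Access category, e.g. "Feature".</param>
    /// <param name="iAccessCode">Module, page or feature access code.</param>
    /// <returns>True when access is allowed, false when it is denied.</returns>
    public static bool GetAccessRight(string AccessType, int iAccessCode)
    {
        return ManageCache.GetAccessRight(AccessType, iAccessCode);
    }

    #endregion
}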

 

#endregion


 

#region ControlAccessPairCollection Class

/// <summary>
/// Ordered list of ControlAccessPair entries, built on CollectionBase.
/// </summary>
public class ControlAccessPairCollection : CollectionBase
{
    public ControlAccessPairCollection()
    {
    }

    /// <summary>
    /// Appends a pair to the end of the collection.
    /// </summary>
    /// <param name="controlAccessPair">The pair to store.</param>
    public void Add(ControlAccessPair controlAccessPair)
    {
        this.List.Add(controlAccessPair);
    }

    /// <summary>
    /// Removes the pair at <paramref name="index"/>. An index outside the collection
    /// is ignored: nothing is removed and no error is raised.
    /// </summary>
    /// <param name="index">Zero-based position of the pair to remove.</param>
    public void Remove(int index)
    {
        bool inRange = index >= 0 && index <= Count - 1;
        if (inRange)
        {
            this.List.RemoveAt(index);
        }
    }

    /// <summary>
    /// Returns the pair stored at <paramref name="Index"/>.
    /// </summary>
    /// <param name="Index">Zero-based position of the pair.</param>
    /// <returns>The stored entry, cast to ControlAccessPair.</returns>
    public ControlAccessPair Item(int Index)
    {
        object entry = this.List[Index];
        return (ControlAccessPair)entry;
    }
}

#endregion

#region ControlAccessPair Class

/// <summary>
/// Couples one control reference (a control instance, or a control ID string for
/// controls inside data-bound rows) with the access code that governs it.
/// </summary>
public class ControlAccessPair
{
    // The control instance or its ID; null until one is assigned.
    private object target;

    // Access code for the control; 0 until one is assigned.
    private int accessCodeValue;

    /// <summary>
    /// Creates an empty pair; fill it with <see cref="AddControl"/>.
    /// </summary>
    public ControlAccessPair()
    {
    }

    /// <summary>
    /// Private constructor that initializes both members; used by <see cref="Add"/>.
    /// </summary>
    /// <param name="control">Control instance or control ID.</param>
    /// <param name="accessCode">Access code for the control.</param>
    private ControlAccessPair(object control, int accessCode)
    {
        this.target = control;
        this.accessCodeValue = accessCode;
    }

    /// <summary>
    /// Factory method: builds a pair from a control reference and its access code.
    /// </summary>
    /// <param name="customControl">Control instance or control ID.</param>
    /// <param name="Code">Access code for the control.</param>
    /// <returns>A new pair holding both values.</returns>
    public static ControlAccessPair Add(object customControl, int Code)
    {
        return new ControlAccessPair(customControl, Code);
    }

    /// <summary>
    /// Overwrites the control reference and access code held by this instance.
    /// </summary>
    /// <param name="customControl">Control instance or control ID.</param>
    /// <param name="Code">Access code for the control.</param>
    public void AddControl(object customControl, int Code)
    {
        this.target = customControl;
        this.accessCodeValue = Code;
    }

    /// <summary>
    /// Returns the control reference.
    /// </summary>
    public object GetControl
    {
        get { return this.target; }
    }

    /// <summary>
    /// Returns the access code.
    /// </summary>
    public int GetCode
    {
        get { return this.accessCodeValue; }
    }
}

#endregion

#region Manage Cache Class

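/// <summary>
/// Loads the access-rights rules once and answers allow/deny questions from them.
/// </summary>
/// <remarks>
/// The rules are held in a static DataSet shared by every request in the application,
/// so all reads and reloads go through one lock. The original filtered the table's
/// shared DefaultView, which let two concurrent requests overwrite each other's filter
/// and read the wrong decision.
/// </remarks>
public class ManageCache
{
    private static ManageCache manageCache;

    private static DataSet dsCahce;

    // Guards dsCahce: lazy load, reload and lookups.
    private static readonly object cacheLock = new object();

    /// <summary>
    /// Static constructor: creates the shared instance and the empty rules DataSet.
    /// </summary>
    static ManageCache()
    {
        manageCache = new ManageCache();
        dsCahce = new DataSet();
    }

    /// <summary>
    /// Returns the access decision for the given access code.
    /// </summary>
    /// <param name="AccessType">Access category; passed along but not used in the lookup.</param>
    /// <param name="iAccessCode">Module, page or feature access code.</param>
    /// <returns>True when access is allowed, false when it is denied.</returns>
    public static bool GetAccessRight(string AccessType, int iAccessCode)
    {
        return manageCache.AccessRight(AccessType, iAccessCode);
    }

    /// <summary>
    /// Returns true if allowed, false if not allowed.
    /// </summary>
    /// <remarks>
    /// The rules act as a deny list: a row matching (access code, user type) means
    /// "denied", and no matching row means "allowed". NOTE(review): a code that is
    /// missing from the rules, or mistyped at the call site, is therefore granted.
    /// </remarks>
    /// <param name="AccessType">Not used in the lookup.</param>
    /// <param name="iAccessCode">Value matched against ModulePageFeatureCode.</param>
    /// <returns>True when no matching row exists.</returns>
    private bool AccessRight(string AccessType, int iAccessCode)
    {
        // Placeholder from the sample: every caller is evaluated as user type 1 until
        // this reads the signed-in user's role (the original hints at User.UserRoleCode).
        // Take it from server-side state, never from a value the client can set.
        int typeCode = 1;

        // Both operands are ints, so the concatenated filter carries no caller text.
        string filter = "ModulePageFeatureCode=" + iAccessCode + " and UserTypeCode=" + typeCode;

        lock (cacheLock)
        {
            GetAccessRightsFromCache();

            // Select does not change the table's shared DefaultView.
            DataRow[] denials = dsCahce.Tables[0].Select(filter);
            return denials.Length == 0;
        }
    }

    /// <summary>
    /// Discards the loaded rules and reads them again from the source.
    /// </summary>
    public void UpdateAccessRightsCache()
    {
        lock (cacheLock)
        {
            dsCahce.Tables.Clear();
            GetAccessRightsFromCache();
        }
    }

    /// <summary>
    /// Loads the rules into the shared DataSet when it holds no table yet.
    /// Callers are expected to hold cacheLock.
    /// </summary>
    private void GetAccessRightsFromCache()
    {
        if (dsCahce.Tables.Count == 0)
        {
            GetAccessRights(ref dsCahce);
        }

        // The original also sketched, commented out, an alternative that keeps the
        // DataSet in HttpContext.Current.Cache under the key "CACHE_ACCESSRIGHTS".
    }

    /// <summary>
    /// Fills <paramref name="ds"/> from AccessRightsData.xml.
    /// </summary>
    /// <param name="ds">DataSet that receives the rules.</param>
    private void GetAccessRights(ref DataSet ds)
    {
        // The original notes that the rules could instead come from a database
        // (commented-out AdminDA.GetAccessRights call) or any per-user source.

        // NOTE(review): the path has no leading "~/" or "/", so MapPath resolves it
        // against the directory of whichever request triggers the load. If that
        // directory is served by the web server, confirm the rules file cannot be
        // downloaded by URL.
        ds.ReadXml(HttpContext.Current.Server.MapPath("AccessRightsData.xml"));
    }
}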

#endregion 
 
 

关注点

编写这段代码很有趣。任何人都可以在自己的项目中使用此代码。

历史

欢迎您对我的文章提出反馈意见。我将根据反馈不断更新。

您可能还想做

一个模块,用于控制管理员可以访问的基于模块、页面或功能的特性。如果它是一个大型应用程序,您可能需要管理特性、模块、页面和允许访问它们的用户组。
