UrlAuthorizationModule 类


验证用户具有访问所请求的 URL 的权限。Verifies that the user has permission to access the URL requested. 此类不能被继承。This class cannot be inherited.

public ref class UrlAuthorizationModule sealed : System::Web::IHttpModule
public sealed class UrlAuthorizationModule : System.Web.IHttpModule
type UrlAuthorizationModule = class
    interface IHttpModule
Public NotInheritable Class UrlAuthorizationModule
Implements IHttpModule


下面的代码示例向 Kim 和管理员角色的成员授予访问权限, 同时拒绝 John 和所有匿名用户使用。The following code example grants access to Kim and members of the Admins role, while denying it to John and all anonymous users.

  <allow users="Kim"/>  
  <allow roles="Admins"/>  
  <deny users="John"/>  
  <deny users="?"/>  


确定是否允许当前用户访问所请求的 URL, 具体取决于用户是其成员Name的用户或角色列表。 UrlAuthorizationModuleThe UrlAuthorizationModule determines whether the current user is permitted access to the requested URL, based on the user Name or the list of roles that a user is a member of. 有关如何确定用户名称的信息, 请参阅ASP.NET AuthenticationFor information about how the user name is determined, see ASP.NET Authentication. 有关如何管理用户角色的信息, 请参阅使用角色管理授权For information about how to manage user roles, see Managing Authorization Using Roles.

使用授权配置元素管理用户或角色的授权。Authorization for a user or a role is managed using the authorization configuration element. 您可以分别使用allowdeny子元素来允许或拒绝用户或角色。You can allow or deny a user or a role using the allow or deny subelements, respectively. allowdeny子元素按其在配置中出现的顺序进行解释。The allow and deny subelements are interpreted in the order they appear in the configuration. 元素指定允许或拒绝访问后, 将UrlAuthorizationModule完成其授权检查。Once an element specifies that access is allowed or denied, the UrlAuthorizationModule completes its authorization check. 例如, web.config 文件中的以下部分要求用户登录 (通过拒绝匿名用户), 然后仅允许管理员角色中的用户拥有访问权限。For example, the following section from a Web.config file requires users to log on (by denying anonymous users), and then allows only users in the Administrators role to have access. 不在管理员角色中的用户被拒绝。Users not in the Administrators role are denied.

  <deny users="?" />  
  <allow roles="Administrators" />  
  <deny users="*" />  

必须专门拒绝用户或角色拒绝用户或角色对 URL 的权限。A user or role must be specifically denied to refuse the user or role permission to a URL. 也就是说, 如果前面的示例未指定<deny users="*" />元素, 则允许所有经过身份验证的用户访问所请求的 URL, 而不考虑他们所属的角色。That is, if the previous example had not specified the <deny users="*" /> element, then all authenticated users would have been allowed access to the requested URL, regardless of what role they were a member of.



创建 UrlAuthorizationModule 类的实例。Creates an instance of the UrlAuthorizationModule class.


CheckUrlAccessForPrincipal(String, IPrincipal, String)

确定用户是否具有对所请求的文件的访问权。Determines whether the user has access to the requested file.


释放 UrlAuthorizationModule 使用的所有资源,内存除外。Releases all resources, other than memory, used by the UrlAuthorizationModule.


确定指定的对象是否等于当前对象。Determines whether the specified object is equal to the current object.

(继承自 Object)

用作默认哈希函数。Serves as the default hash function.

(继承自 Object)

获取当前实例的 TypeGets the Type of the current instance.

(继承自 Object)

初始化 UrlAuthorizationModule 对象。Initializes the UrlAuthorizationModule object.


创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(继承自 Object)

返回一个表示当前对象的 string。Returns a string that represents the current object.

(继承自 Object)