UrlAuthorizationModule UrlAuthorizationModule UrlAuthorizationModule UrlAuthorizationModule Class

定義

驗證使用者確實擁有權限,可以存取所要求的 URL。Verifies that the user has permission to access the URL requested. 這個類別無法被繼承。This class cannot be inherited.

public ref class UrlAuthorizationModule sealed : System::Web::IHttpModule
public sealed class UrlAuthorizationModule : System.Web.IHttpModule
type UrlAuthorizationModule = class
    interface IHttpModule
Public NotInheritable Class UrlAuthorizationModule
Implements IHttpModule
繼承
UrlAuthorizationModuleUrlAuthorizationModuleUrlAuthorizationModuleUrlAuthorizationModule
實作

範例

下列程式碼範例會授與對 Kim 和 Admins 角色成員的存取權, 同時拒絕 John 和所有匿名使用者。The following code example grants access to Kim and members of the Admins role, while denying it to John and all anonymous users.

<authorization>  
  <allow users="Kim"/>  
  <allow roles="Admins"/>  
  <deny users="John"/>  
  <deny users="?"/>  
</authorization>  

備註

會根據Name使用者或使用者所屬的角色清單,決定是否允許目前的使用者存取UrlAuthorizationModule要求的 URL。The UrlAuthorizationModule determines whether the current user is permitted access to the requested URL, based on the user Name or the list of roles that a user is a member of. 如需如何判斷使用者名稱的相關資訊, 請參閱ASP.NET AuthenticationFor information about how the user name is determined, see ASP.NET Authentication. 如需如何管理使用者角色的詳細資訊, 請參閱使用角色管理授權For information about how to manage user roles, see Managing Authorization Using Roles.

使用者或角色的授權是使用authorization configuration 元素進行管理。Authorization for a user or a role is managed using the authorization configuration element. 您可以分別使用allowdeny子項目來允許或拒絕使用者或角色。You can allow or deny a user or a role using the allow or deny subelements, respectively. allowdeny子項目會依照它們在設定中出現的順序來進行轉譯。The allow and deny subelements are interpreted in the order they appear in the configuration. 一旦元素指定允許或拒絕存取, UrlAuthorizationModule就會完成其授權檢查。Once an element specifies that access is allowed or denied, the UrlAuthorizationModule completes its authorization check. 例如, 來自 web.config 檔案的下列區段需要使用者登入 (藉由拒絕匿名使用者), 然後只允許系統管理員角色中的使用者擁有存取權。For example, the following section from a Web.config file requires users to log on (by denying anonymous users), and then allows only users in the Administrators role to have access. 不在系統管理員角色中的使用者會遭到拒絕。Users not in the Administrators role are denied.

<authorization>  
  <deny users="?" />  
  <allow roles="Administrators" />  
  <deny users="*" />  
</authorization>  

必須特別拒絕使用者或角色, 才能拒絕使用者或角色的 URL 許可權。A user or role must be specifically denied to refuse the user or role permission to a URL. 也就是說, 如果先前的範例未指定<deny users="*" />專案, 則所有已驗證的使用者都可以存取要求的 URL, 而不論其所屬的角色為何。That is, if the previous example had not specified the <deny users="*" /> element, then all authenticated users would have been allowed access to the requested URL, regardless of what role they were a member of.

建構函式

UrlAuthorizationModule() UrlAuthorizationModule() UrlAuthorizationModule() UrlAuthorizationModule()

建立 UrlAuthorizationModule 類別的執行個體。Creates an instance of the UrlAuthorizationModule class.

方法

CheckUrlAccessForPrincipal(String, IPrincipal, String) CheckUrlAccessForPrincipal(String, IPrincipal, String) CheckUrlAccessForPrincipal(String, IPrincipal, String) CheckUrlAccessForPrincipal(String, IPrincipal, String)

判斷使用者是否有權限可存取所要求的檔案。Determines whether the user has access to the requested file.

Dispose() Dispose() Dispose() Dispose()

除了記憶體之外,釋放 UrlAuthorizationModule 使用的所有資源。Releases all resources, other than memory, used by the UrlAuthorizationModule.

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

判斷指定的物件是否等於目前的物件。Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode() GetHashCode() GetHashCode() GetHashCode()

做為預設雜湊函式。Serves as the default hash function.

(Inherited from Object)
GetType() GetType() GetType() GetType()

取得目前執行個體的 TypeGets the Type of the current instance.

(Inherited from Object)
Init(HttpApplication) Init(HttpApplication) Init(HttpApplication) Init(HttpApplication)

初始化 UrlAuthorizationModule 物件。Initializes the UrlAuthorizationModule object.

MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

建立目前 Object 的淺層複本 (Shallow Copy)。Creates a shallow copy of the current Object.

(Inherited from Object)
ToString() ToString() ToString() ToString()

傳回代表目前物件的字串。Returns a string that represents the current object.

(Inherited from Object)

適用於

另請參閱