asp.net通用权限设计思想


权限大概分为几块:

      菜单权限

      文件夹---所谓的模块

      文件权限

      显示列权限

      按钮权限

 

实现思想:

      其实菜单权限只是控制显示,并不是重点(隐藏菜单并不能阻止用户直接访问对应的URL)。

      重点在于文件夹-文件-数据列-按钮,这里可以做成个树。

      通过Global.asax控制文件和文件夹的访问权限

 

      这里先贴出部分代码,别的有待研究,哈哈。

 

【一】登录页面--Default.aspx

 

      Hashtable ht = new Hashtable(); //创建一个Hashtable实例
        string uid = string.Empty;//用户ID
        string gid = string.Empty;//用户组ID
       
        DataTable dt = new DataTable();
        dt = new SQLDBHandler().ExecuteDataTable("select * from P_User where username='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'");
        bool islogin = false;

        if (dt!=null&&dt.Rows.Count > 0)
        {
            //登录成功
            islogin = true;
            uid = dt.Rows[0]["id"].ToString();//得到用户ID
            //取出用户组ID
            gid = new SQLDBHandler().ExecuteScalar("select gid from P_GroupUser where uid='" + uid + "'").ToString();
           
            ht.Add("uid", uid);
            ht.Add("gid", gid);
          
        }
      
        if (islogin)
        {
            Session.Clear();
            Session["ids"] = ht;
            Response.Redirect("default.aspx");
        }
        else
        {
            this.Label1.Text = "登录失败,用户名或密码错误!";
            this.Label1.Visible = true;
        }

 

【二】Global.asax

 

 protected void  Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        Response.Write("请求开始...<br>" + Guid.NewGuid().ToString());
       
        string url =Request.Url.AbsoluteUri.ToString().ToLower();//URL地址
        string urlBack = Request.CurrentExecutionFilePath;//URL后面部分
       
        Response.Write("<br>当前URL地址:"+url);
        Response.Write("<br>当前urlBack地址:" + urlBack);
        bool canVistied = false;

        Hashtable ht = new Hashtable();
        ht = Session["ids"] as Hashtable;
        if (ht != null)
        {
            Response.Write("<br>得到session<br>");
            string gid = ht["gid"].ToString();
            if (gid.Trim().Length > 0)
            {
                #region 处理页面权限
                string sqlPage = "select pdir from P_Page where gid='" + gid + "'";
                System.Data.DataTable dtPage = new SQLDBHandler().ExecuteDataTable(sqlPage);
                if (dtPage != null & dtPage.Rows.Count > 0)
                {
                    for (int i = 0; i < dtPage.Rows.Count; i++)
                    {
                        if (dtPage.Rows[i][0].ToString().ToLower() == urlBack.ToLower())
                            return;
                    }
                }
                #endregion

                #region 处理模块权限
                string sql = "select mname from P_Model a inner join P_GroupModel b on a.id=b.mid where b.gid='" + gid + "'";//得到所有模块名称
                System.Data.DataTable dt = new SQLDBHandler().ExecuteDataTable(sql);//得到模块--即文件夹
                if (dt != null && dt.Rows.Count > 0)
                {
                    Response.Write("<br>权限范围:<br>");
                    for (int i = 0; i < dt.Rows.Count; i++)
                    {
                        Response.Write("【" + dt.Rows[i][0].ToString() + "】");

                        if (url.Contains(dt.Rows[i][0].ToString().ToLower()))
                        {
                            Response.Write("……");
                            Response.Write("<br>这个文件夹可以访问,用户拥有" + dt.Rows[i][0].ToString() + "权限");
                            canVistied = true;
                            break;
                        }
                    }
                }
                #endregion
            }
          
        }
        else
        {
            Response.Write("<br>没有得到session<br>");
        }
        if (!canVistied && url != "http://localhost/default.aspx")
        {
            Response.Clear();
            Response.Write("您无权访问该页面!");
            Response.End();
        }
    }

 

这个版本有待升级,只是初稿。

哥第一次写博客,转载请厚道

 

 
