ASP.NET2.0成员角色API实用性探讨

Research of the practicability of ASP.NET 2.0 Membership & Roleship API

传统的ASP技术通常都是利用Session来记住用户的信息,然后在各个页面直接利用Session变量值确认用户的身份以及它们是否具有访问的权限。Session与IIS配合来共同确定用户的身份验证与授权。在ASP.NET2.0版本里使用Provider模型解决网站安全的问题,成员及角色管理是该模型的两部分,成员API用来管理用户名和密码,角色API用来管理用户角色。详细地论述了如何设置相应的配置程序才能使ASP.NET2.0的成员管理和角色管理更具实用性。

ASP technology keep the user＇s information by session , verify authenticity of userls identity and Determine whether they have access authorization in very web page using session variables. Session and IIS together determine the authorization and the identity of the user. The Provider Model---which is used throughout the ASP.NET 2.0 framework-- solve the problem of Web site security. The Membership Provider is used to store usernames and passwords, and the Role Provider is used to store user roles.The paper give a detailed description on how to config web.config and program to make management of members and roles more Practicality.