网络安全 - RequireRoles()


❮ 网络安全

定义

如果当前用户不是所有指定角色,RequireRoles() 方法会将 HTTP 状态设置为 401(未授权)。


C# 和 VB 语法

WebSecurity.RequireRoles(roles)

实例

Example C#

WebSecurity.RequireRoles("Admin", "Poweruser");

Example VB

WebSecurity.RequireRoles("Admin", "Poweruser")

参数

参数 类型 描述
roles String A comma separated list of roles the current user must be in.

返回值

None.


Errors and Exceptions

Any access to the WebSecurity object throws an InvalidOperationException if:

  • The InitializeDatabaseConnection() method has not been called
  • SimpleMembership is not initialized (or disabled in the website configuration)

Remarks

RequireRoles() validates that the current user is a member of all of the specified roles. If the user is not a member of all of the specified roles, the HTTP status is set to 401 (Unauthorized).

To validate that the user is authenticated, use the RequireAuthenticatedUser() method.

To validate that the current user is a specific user, use the RequireUser() method.


❮ 网络安全