信息系统涉及用户隐私数据时,权限访问控制是系统成功的关键因素。在建的柳州市高级专家信息系统使用了一种简单灵活的权限设置方案,结合ASP.NET中的授权模型,可实现系统运行时自定义角色和动态授权,并为用户数据提供字段级保护以及保护范围。%When a MIS (Management Information System) web site involves users' privacy data, Access Control is a key factor of ensuring system success. This paper introduces authorization model in ASP.NET and puts forward to a simple and flexible solution giving users convenience to create and authorize custom roles in application runtime, the solution also provides field-level privacy protection and enables users to establish privacy scope, and makes system more flexible on the premise of restricting access control.
展开▼