BlogEngine.NET 3.3 - 防止匿名用户做某些事情
BlogEngine.NET 3.3 - Prevent anonymous users from doing certain things
我重新措辞以尝试找到解决方案。
我正在使用 BlogEngine.NET 3.3。我要求在博客中显示 post 的 300 个字符,然后注册用户将单击 post 名称以阅读其余部分。
我希望未注册用户(匿名用户)能够看到这 300 个字符,但是当他们尝试阅读 post 的全部内容时,他们会看到一些文字 "Please Register to see this content".
我在网上搜索过,想看看以前是否有人做到过。我找到了下面的代码。它说将它作为 .cs 放入 App_Code/Extensions 文件夹中以启用它。但是,在 3.3 中 App_Code 中没有扩展文件夹。 BlogEngine.Core\Web\Extensions 这里有一个。我试过将下面的代码放入 web\extensions 文件夹中,它似乎做了一些事情。它隐藏了我所有已发布的 posts.
有人可以帮我解决这个问题吗?
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using System.Collections.Generic;
/// <summary>
/// Summary description for PostSecurity
/// </summary>
[Extension("Checks to see if a user can see this blog post.",
"1.0", "<a href=\"http://www.lavablast.com\">LavaBlast.com</a>")]
public class PostSecurity
{
static protected ExtensionSettings settings = null;
public PostSecurity()
{
Post.Serving += new EventHandler<ServingEventArgs>(Post_Serving);
ExtensionSettings s = new ExtensionSettings("PostSecurity");
s.AddParameter("Role", "Role", 50, true);
s.AddParameter("Category", "Category", 50);
// describe specific rules for entering parameters
s.Help = "Checks to see if the user has any of those roles before displaying the post. ";
s.Help += "You can associate a role with a specific category. ";
s.Help += "All posts having this category will require that the user have the role. ";
s.Help += "A parameter with only a role without a category will enable to filter all posts to this role. ";
s.AddValues(new string[] { "Registered", "" });
ExtensionManager.ImportSettings(s);
settings = ExtensionManager.GetSettings("PostSecurity");
}
protected void Post_Serving(object sender, ServingEventArgs e)
{
Post post = (Post)sender;
bool continu = false;
MembershipUser user = Membership.GetUser();
continu = user != null;
if (user != null)
{
List<string> categories = new List<string>();
foreach (Category cat in post.Categories)
categories.Add(cat.Title);
string[] r = Roles.GetRolesForUser();
List<string> roles = new List<string>(r);
DataTable table = settings.GetDataTable();
foreach (DataRow row in table.Rows)
{
if (string.IsNullOrEmpty((string)row["Category"]))
continu &= roles.Contains((string)row["Role"]);
else
{
if (categories.Contains((string)row["Category"]))
continu &= roles.Contains((string)row["Role"]);
}
}
}
e.Cancel = !continu;
}
}
好的,所以前段时间我使用了BlogEngine.Net,我会尽力帮助你,所以我不太确定我的答案是否正确,但也许吧给你指点一下好吗?
您不应授予成员查看未发布的 Post 的访问权限,因为这更适合网站上的编辑,以便能够在发布之前保存新 Post 的草稿public 消费。
据我了解 (?),只有您的朋友会在博客上写 Post,因此他应该是唯一拥有该权限的人。
可能有用的一件事是允许所有人观看 Posts,如果这需要让第一页正常工作(我不太记得了)。然后你可以 override/customize 显示 Post 的 control/view,在那里你可以检查用户是否实际注册并决定显示 Post 或消息告诉他们注册。
此问题现已解决。 BlogEngine.Net 的 rtur 对此提供了帮助。
using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using System.Web;
[Extension("Secure post", "1.0", "BlogEngine.NET")]
public class SecurePost
{
static SecurePost()
{
Post.Serving += Post_Serving;
}
private static void Post_Serving(object sender, ServingEventArgs e)
{
if(e.Location == ServingLocation.SinglePost)
{
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
HttpContext.Current.Response.Redirect("~/account /login.aspx");
}
}
}
}
我重新措辞以尝试找到解决方案。
我正在使用 BlogEngine.NET 3.3。我要求在博客中显示 post 的 300 个字符,然后注册用户将单击 post 名称以阅读其余部分。
我希望未注册用户(匿名用户)能够看到这 300 个字符,但是当他们尝试阅读 post 的全部内容时,他们会看到一些文字 "Please Register to see this content".
我在网上搜索过,想看看以前是否有人做到过。我找到了下面的代码。它说将它作为 .cs 放入 App_Code/Extensions 文件夹中以启用它。但是,在 3.3 中 App_Code 中没有扩展文件夹。 BlogEngine.Core\Web\Extensions 这里有一个。我试过将下面的代码放入 web\extensions 文件夹中,它似乎做了一些事情。它隐藏了我所有已发布的 posts.
有人可以帮我解决这个问题吗?
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using System.Collections.Generic;
/// <summary>
/// Summary description for PostSecurity
/// </summary>
[Extension("Checks to see if a user can see this blog post.",
"1.0", "<a href=\"http://www.lavablast.com\">LavaBlast.com</a>")]
public class PostSecurity
{
static protected ExtensionSettings settings = null;
public PostSecurity()
{
Post.Serving += new EventHandler<ServingEventArgs>(Post_Serving);
ExtensionSettings s = new ExtensionSettings("PostSecurity");
s.AddParameter("Role", "Role", 50, true);
s.AddParameter("Category", "Category", 50);
// describe specific rules for entering parameters
s.Help = "Checks to see if the user has any of those roles before displaying the post. ";
s.Help += "You can associate a role with a specific category. ";
s.Help += "All posts having this category will require that the user have the role. ";
s.Help += "A parameter with only a role without a category will enable to filter all posts to this role. ";
s.AddValues(new string[] { "Registered", "" });
ExtensionManager.ImportSettings(s);
settings = ExtensionManager.GetSettings("PostSecurity");
}
protected void Post_Serving(object sender, ServingEventArgs e)
{
Post post = (Post)sender;
bool continu = false;
MembershipUser user = Membership.GetUser();
continu = user != null;
if (user != null)
{
List<string> categories = new List<string>();
foreach (Category cat in post.Categories)
categories.Add(cat.Title);
string[] r = Roles.GetRolesForUser();
List<string> roles = new List<string>(r);
DataTable table = settings.GetDataTable();
foreach (DataRow row in table.Rows)
{
if (string.IsNullOrEmpty((string)row["Category"]))
continu &= roles.Contains((string)row["Role"]);
else
{
if (categories.Contains((string)row["Category"]))
continu &= roles.Contains((string)row["Role"]);
}
}
}
e.Cancel = !continu;
}
}
好的,所以前段时间我使用了BlogEngine.Net,我会尽力帮助你,所以我不太确定我的答案是否正确,但也许吧给你指点一下好吗?
您不应授予成员查看未发布的 Post 的访问权限,因为这更适合网站上的编辑,以便能够在发布之前保存新 Post 的草稿public 消费。
据我了解 (?),只有您的朋友会在博客上写 Post,因此他应该是唯一拥有该权限的人。
可能有用的一件事是允许所有人观看 Posts,如果这需要让第一页正常工作(我不太记得了)。然后你可以 override/customize 显示 Post 的 control/view,在那里你可以检查用户是否实际注册并决定显示 Post 或消息告诉他们注册。
此问题现已解决。 BlogEngine.Net 的 rtur 对此提供了帮助。
using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using System.Web;
[Extension("Secure post", "1.0", "BlogEngine.NET")]
public class SecurePost
{
static SecurePost()
{
Post.Serving += Post_Serving;
}
private static void Post_Serving(object sender, ServingEventArgs e)
{
if(e.Location == ServingLocation.SinglePost)
{
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
HttpContext.Current.Response.Redirect("~/account /login.aspx");
}
}
}
}