ASP.Net实现用户权限管理

  <membership defaultProvider="CustomMembershipProvider">       <providers>         <clear />          <add name="CustomMembershipProvider" type="UIH.PACS.AuthorizationUtility.CustomMembershipProvider" connectionStringName="uihrisdbEntities" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" description="Stores and retrieves membership data from the local Microsoft SQL Server database" />       </providers>     </membership>

    <authentication mode="Forms">      <forms loginUrl="~/Account/LogOn" defaultUrl="~/PatientAdmin/Index" timeout="2880" />    </authentication>

 3.LogOn方法中的使用 

         [HttpPost] 
       public ActionResult LogOn(LogOnModel model, string returnUrl)         {             if (ModelState.IsValid)             {                 if (Membership.ValidateUser(model.UserName, model.Password))                 {                     FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);                     if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")                         && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))                     {                         return Redirect(returnUrl);                     }                     else                     {                         FormsAuthentication.RedirectFromLoginPage(model.UserName, false);                           //return RedirectToAction("Index", "PatientAdmin");                     }                    }                 else                 {                     ModelState.AddModelError("", "The user name or password provided is incorrect.");                 }             }               // If we got this far, something failed, redisplay form             return View(model);         } 
 4.继承AuthorizeAttribute属性， 重载bool AuthorizeCore(HttpContextBase httpContext)方法，在方法中调用权限管理的接口。