9 Security and Deployment

In Chapter 6 we created an administration page allowing a user to update the menu items, and in Chapter 8 we created the checkout page. We don't want everyone to be able to run the administration page, so we need to lock them out somehow. For the checkout, it would be good to recognize members of the site and give them the option of having their order added to their account instead of paying by cash or credit card. The aim is to have a site where users can log in and have functionality change depending upon whom they are.

In this chapter we will look at the following:

- How security works and how to configure it
- How to add users and roles to a site
- How to secure pages
- How to change the menu system so that secured pages are not shown on the menu

We will also look at the topic of what to do once you've created your first site, and how you can copy this to a service provider to make the site public. Let's start with the security aspects.

Configuring Security

Security revolves around two concepts: authentication and authorization. Authentication is the process of identifying users of a Web site, and authorization is checking that the user is allowed to access the page he or she is trying to access. Each of these requires configuration: the first to determine who the users are, and the second to define which pages they are allowed access to.

In you manage authentication with the Membership service, which allows definition of the members of a site. There are many places to store the membership details, including a text file, a database, or even the Windows user accounts store. We'll be using a database, but won't be storing the users in the PPQ database.
Instead we'll use the database that automatically creates for us.

You can configure authorization either on a user-by-user basis or by roles, using the Role Manager service. Roles are a way to make configuration easier because you set the configuration for the role and then you add