ASP.NET 和 ActiveDirectory 是否存在按请求(自定义)角色?
我的愿景包括拥有从 AD 推送的全局定义角色,但我也希望能够添加到 Context.User.IsInRole("ATransientRoleForThisDocumentOnly") 并使其工作......
我考虑将角色推送到线程中。 CurrentPrincipal 并传入 Context.User.Identity 和一系列角色,但我担心获取开箱即用的所有 ADRoles,我真的只想添加一些在请求的生命周期内有效的 AdHoc 角色。
这看起来可能吗?所有角色管理器方法都是静态的,因此即使我执行了自定义角色管理器,该管理器如何知道对于文档 id #1,您是读者...而在文档 #2 上您是读/写?
My vision includes having globally defined roles which are pushed from AD but also I'd like to be able to add to Context.User.IsInRole("ATransientRoleForThisDocumentOnly") and have that work...
I thought about pushing roles into the Thread.CurrentPrincipal and passing in Context.User.Identity and an array of roles but I was concerned about getting all the ADRoles that you get out of the box, I really just want to add some AdHoc roles that will live for the lifetime of the request.
Does that seem possible? All Role manager methods are static so even if I did custom role manager how would that manager know that for document-id #1 that you're reader... while on document #2 you're read/write?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
从允许您重写 CreatePermission 的 Security 类继承,例如 CodeAccessSecurityAttribute 并返回此:
Inherit from a Security class that allows you to override CreatePermission, for instance CodeAccessSecurityAttribute and return this :