如何在 Azman 中获取与用户关联的组列表?
我能够获取与经过身份验证的用户关联的角色,但不能获取与组关联的角色。有没有办法获得群组
WindowsIdentity userIdentity = HttpContext.Current.User.Identity as WindowsIdentity;
AzAuthorizationStoreClass azManStore = new AzAuthorizationStoreClass();
string storeConnectionString = ConfigurationManager.ConnectionStrings["<CONN STRING>"].ConnectionString;
azManStore.Initialize(0, storeConnectionString, null);
IAzApplication azApp = azManStore.OpenApplication("<APP NAME>", null);
ulong token = (ulong)userIdentity.Token;
IAzClientContext ctx = azApp.InitializeClientContextFromToken(token, null);
object roles = ctx.GetRoles(String.Empty);
I'm able to get the roles associated with the authenticated user but not the groups. Is there a way to get the groups
WindowsIdentity userIdentity = HttpContext.Current.User.Identity as WindowsIdentity;
AzAuthorizationStoreClass azManStore = new AzAuthorizationStoreClass();
string storeConnectionString = ConfigurationManager.ConnectionStrings["<CONN STRING>"].ConnectionString;
azManStore.Initialize(0, storeConnectionString, null);
IAzApplication azApp = azManStore.OpenApplication("<APP NAME>", null);
ulong token = (ulong)userIdentity.Token;
IAzClientContext ctx = azApp.InitializeClientContextFromToken(token, null);
object roles = ctx.GetRoles(String.Empty);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我还没有找到办法。在我的项目中,我们对此有一个要求,最终做了一个简单的实现,遍历每个组并检查用户是否是成员。此方法的问题在于,它忽略了通过组中的组获得的成员资格,以及通过作为 AzMan 组成员的 AD 组成员的用户获得的成员资格。您可以扩展解决方案以涵盖这些场景,但最终我认为,当您开始提出这样的问题时,您可能会使用 Azman(基于操作(或任务)的安全性)走上基于角色的安全路径。
I have not found a way. On my project we had one requirement for this and ended up doing a simplistic implementation that walked through each Group and checked if the user was a member. The problem with this approach is that it ignores membership via groups in groups and also membership via the user being a member of an AD group that is a member of the AzMan group. You could grow the solution to cover these scenarios, but ultimately I think that when you start asking questions like this, you might be heading down the role-based security path with Azman (which is operation (or task) based security).