当前位置：文江博客话题详情

是否有一个相当于 .net 标准 Web 表单（而不是 MVC）的授权属性

发布于 2024-10-03 17:18:47 字数 172 浏览 8 评论 0原文

我正在开发一个将使用 Windows 角色提供程序的项目，并且我想将功能限制为某些 AD 组。

使用 MVC，我可以在操作方法上方使用 AuthorizeAttribute 并进行相应的重定向。对于不使用 MVC 的标准 Web 表单应用程序 (.NET 3.5)，我可以做类似的事情吗？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

海拔太高太耀眼 2024-10-10 17:18:47

您可以在 web.config 中使用授权元素进行设置。

<configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

基本上，使用时，域组会转换为角色。
您可以在 MSDN 上了解更多相关信息

You can set this up in web.config with the authorization element.

<configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Basically domain groups are translated into roles when using <authentication mode="Windows" />.
You can read more about it on MSDN

回复收藏 0 原文

撧情箌佬 2024-10-10 17:18:47

我知道这是一篇旧帖子，但我想分享一下我刚刚经历过的经历。我不想使用 web.config。我一直在寻找一种为 Web 表单创建类似于 MVC 实现的属性的方法。我发现了 Deran Schilling 的帖子，我将其用作属性部分的基础。

我创建了一个自定义IPrincipal

interface IMyPrincipal : IPrincipal
{
    string MyId { get; }
    string OrgCode { get; }
    string Email { get; }
}

和Principal

public class MyPrincipal : IMyPrincipal
{
    IIdentity identity;
    private List<string> roles;
    private string email;
    private string myId;
    private string orgCode;

    public MyPrincipal(IIdentity identity, List<string> roles, string myId, string orgCode, string email)
    {
        this.identity = identity;
        this.roles = roles;
        this.myId = myId;
        this.orgCode = orgCode;
        this.email = email;
    }

    public IIdentity Identity
    { 
        get { return identity; }
    }

    public bool IsInRole(string role)
    {
        return roles.Contains(role);
    }

    public string Email
    {
        get { return email; }
    }
    public string MyId
    {
        get { return myId; }
    }
    public string OrgCode
    {
        get { return orgCode; }
    }
}

，并创建了一个属性以供在页面上使用

[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class AdminAuthorizationAttribute : Attribute
{
    public AdminAuthorizationAttribute()
    {
        var user = (MyPrincipal)HttpContext.Current.User;

        if (user.IsInRole("MyAdmin"))
            return;

        throw new AccessDeniedException();
    }
}

，并创建了一些自定义异常

public class AccessDeniedException : BaseHttpException
{
    public AccessDeniedException() : base((int)HttpStatusCode.Unauthorized, "User not authorized.") { }
}

public class BaseHttpException : HttpException
{
    public BaseHttpException(int httpCode, string message) : base(httpCode, message) { }
}

，现在我可以应用该属性以在给定页面上使用

[AdminAuthorization]
public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }
}

I know this is an old post but thought I'd share my experience as I just went through this. I did not want to use web.config. I was looking for a way to create an attribute for webforms similar to MVC's implementation. I found a post by Deran Schilling that I used as a basis for the attribute portion.

I created a custom IPrincipal

interface IMyPrincipal : IPrincipal
{
    string MyId { get; }
    string OrgCode { get; }
    string Email { get; }
}

and Principal

public class MyPrincipal : IMyPrincipal
{
    IIdentity identity;
    private List<string> roles;
    private string email;
    private string myId;
    private string orgCode;

    public MyPrincipal(IIdentity identity, List<string> roles, string myId, string orgCode, string email)
    {
        this.identity = identity;
        this.roles = roles;
        this.myId = myId;
        this.orgCode = orgCode;
        this.email = email;
    }

    public IIdentity Identity
    { 
        get { return identity; }
    }

    public bool IsInRole(string role)
    {
        return roles.Contains(role);
    }

    public string Email
    {
        get { return email; }
    }
    public string MyId
    {
        get { return myId; }
    }
    public string OrgCode
    {
        get { return orgCode; }
    }
}

and created an Attribute for usage on the Page

[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class AdminAuthorizationAttribute : Attribute
{
    public AdminAuthorizationAttribute()
    {
        var user = (MyPrincipal)HttpContext.Current.User;

        if (user.IsInRole("MyAdmin"))
            return;

        throw new AccessDeniedException();
    }
}

and created some custom Exceptions

public class AccessDeniedException : BaseHttpException
{
    public AccessDeniedException() : base((int)HttpStatusCode.Unauthorized, "User not authorized.") { }
}

public class BaseHttpException : HttpException
{
    public BaseHttpException(int httpCode, string message) : base(httpCode, message) { }
}

and now I can apply the attribute for usage on a given page

[AdminAuthorization]
public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }
}

回复收藏 0 原文

一向肩并 2024-10-10 17:18:47

在全局时尚上设置通用 [Authorize] 属性而不指定角色的一个好方法是将以下代码放入内项目的 web.config 中：标签。

<authorization>
   <deny users="?" />
   <allow users="*" />
</authorization>

这将只允许任何经过身份验证的用户访问该文档，并最终触发重定向到身份验证页面。它相当于MVC中的通用[Authorize]。

A good way to set a generic [Authorize] attribute on a Global fashion without specifing a role is to put the following code into the web.config of the project inside the <system.web> tag.

<authorization>
   <deny users="?" />
   <allow users="*" />
</authorization>

this will allow only any authenticated user to access the document and eventually will trigger the redirect to the authentication page. It is the equivalent of a generic [Authorize] in MVC.

回复收藏 0 原文

~没有更多了~