ASP.NET 无法使用自定义窗口组作为角色
我想使用本地组来限制本地用户对 ASP.NET Web 应用程序的访问。
我创建了一个 Windows 组 (TestLocalGroup) 和 Windows 用户帐户,并将它们全部分配给新组。组和帐户位于 IIS7 Web 服务器上。
在我的 web.config 中,我可以通过定义以下设置来正确限制对特定用户的访问...
<authentication mode="Windows" />
<authorization>
<allow users=".\TestLocalUser1,.\TestLocalUser2" />
<deny users="*" />
</authorization>
但我似乎无法让它为该组工作。此代码不允许我的组成员访问...
<authentication mode="Windows" />
<authorization>
<allow roles=".\TestLocalGroup" />
<deny users="*" />
</authorization>
我没有任何“roleManager”部分。我需要那个吗?
我错过了什么吗?看起来它应该可以工作。
I want to use a local group to restrict access to an ASP.NET web application to local users.
I've created a Windows group (TestLocalGroup) and Windows user accounts and assigned them all to the new group. The group and accounts are on the IIS7 web server.
In my web.config, I can properly restrict access to specific users by defining the following settings...
<authentication mode="Windows" />
<authorization>
<allow users=".\TestLocalUser1,.\TestLocalUser2" />
<deny users="*" />
</authorization>
But I can't seem to get it to work for the group. This code won't allow my group members access...
<authentication mode="Windows" />
<authorization>
<allow roles=".\TestLocalGroup" />
<deny users="*" />
</authorization>
I don't have any "roleManager" section. Do I need that?
Am I missing something? It seems like it should just work.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
有两个问题。
1) 事实证明,我在父 web.config 上启用了不同的 roleManager。
对于我的网站,我必须清除角色管理器才能使 Windows 角色再次工作。
2)当我将用户添加到组中时,似乎没有任何立竿见影的效果。我按照 Mellamokb 的建议登录和关闭(谢谢!)。这没有任何区别,但它确实向我指出了正确的解决方案;回收我的网站。我假设有一些定时凭证缓存,回收网站将清除它。
There were two problems.
1) It turns out that I had a different roleManager enabled on a parent web.config.
For my site I had to clear the roleManager to get the windows roles to work again.
2) As I was adding my users to the groups, there didn't appear to be any immediate effect. I logged on and off as suggested by mellamokb (Thank you!). That didn't make any difference, but it did point me to the correct solution; recycling my web site. I assume there is some timed credential cache and recycling the web site will clear it.
就我而言,我必须从 web.config 中删除 roleManager...。
In my case,,, I have to delete roleManager... from my web.config.