我对 .net 和 Active Directory (AD) 都很陌生,所以这可能是一个简单的答案,但我已经在网络和 MSDN 库中搜索了几个小时,并找到了我想要做的事情的点滴,但不确定如何做把他们全部拉到一起。我正在开发一个 Intranet .net 应用程序,希望根据用户的 Windows 网络用户名登录 2 个 AD 组来对用户进行身份验证和授权。我希望应用程序允许 ADusergroup1 中的用户查看应用程序的所有页面,并允许 ADusergroup2 中的用户查看应用程序的有限数量的页面。
根据我的阅读,最好的方法似乎是通过设置
谢谢。
I am new to both .net and Active Directory (AD) so this may be a simple answer but I have been searching the web and MSDN library for hours and find bits and pieces for what I'm looking to do but am not sure how to pull them all together. I am developing an intranet .net app and want to authenticate and authorize users based on their Windows network username logon against 2 AD groups. I want the application to allow users in ADusergroup1 to see all pages of the app and users in ADusergroup2 to see a restricted number of pages of the app.
From what I have read, it seems the best way to do this is by setting <authenticationmode="Windows"/>, using <rolemanager> to define roles based on the AD groups, and defining <authorization> per location path based on the defined roles. However, I'm still uncertain how to define and use the roles using <rolemanager>. Does someone have an example of a web.config file to do this? And once this is defined in the web.config file, does anything else need to be done in the app code?
Thanks.
发布评论
评论(1)
关于 AD 和角色提供程序有很多问题,例如这个< /a>,先尝试搜索。
There were many questions about AD and role provider like this, try to search first.