我正在从集成/Windows 身份验证系统(其中我在 web.config 的授权部分使用 Windows 组,以及 web.sitemap 以及使用 user.identity.name 实现各种每用户功能)迁移到 SSO 解决方案它通过 http 标头提供经过身份验证的详细信息。
我创建了一个非常简单的自定义 RoleProvider(覆盖 IsUserInRole 和 GetRolesForUser),它非常适合 web.config 的“允许角色”部分和 web.sitemap 的角色部分。
我想对授权的“用户”部分做同样的事情..我该怎么做?是通过覆盖不同的提供商吗?它也会影响 user.identity.name 返回的内容吗?
感谢您为我指明了正确的方向:)
编辑 - 杰伊。
请注意,这可能是一个有点hacky和缺乏经验的修复,但它适合我的目的..遵循http://msdn.microsoft.com/en-us/library/8fw7xh74(v=vs.100).aspx 您可以创建一个包含所有必需函数定义的类,返回 false / 根据需要清空字符串数组。
我实现的唯一函数是 IsUserInRole 和 GetRolesForUser。后者只是连接到 Request.ServerVariables 来检查适当的 HTTP 标头,并根据需要将其格式化为字符串数组。 IsUserInRole 只是将提供的字符串与 GetRolesForUser 返回的字符串数组进行匹配。
之后,我只是在 web.config 中引用了上面的内容,
<roleManager defaultProvider="myroleprov" enabled="true">
<providers>
<clear/>
<add name="myroleprov" type="myApp.CustomProviders.myroleprov" applicationName="myApp"/>
</providers>
</roleManager>
我想就这样吧?希望有帮助。
I'm moving from an integrated/windows authenticated system (whereby I used windows groups in the web.config's authorization section, and the web.sitemap as well as using user.identity.name for various per-user features) to an SSO solution which offers authenticated details through the http headers.
I created a very simple custom RoleProvider (overriding IsUserInRole and GetRolesForUser) which worked great for the 'allow roles' sections of the web.config, and roles section of web.sitemap.
I want to do the same for the 'users' part of authorization.. how would I go about doing this? Is it through overriding a different provider? Would it also affect what's returned by user.identity.name?
Thanks for pointing me in the right direction :)
Edit - for Jay.
Note this is likely a bit of a hacky and inexperienced fix, but it suited my purpose.. Following http://msdn.microsoft.com/en-us/library/8fw7xh74(v=vs.100).aspx you can create a class with all the required function definitions, returning false/empty string arrays as necessary.
The only functions I implemented were IsUserInRole and GetRolesForUser. The latter simply hooked into Request.ServerVariables to check the appropriate HTTP header, and format those into a String array as required. The IsUserInRole simply matches a supplied string against the string array returned by GetRolesForUser.
After that, I just referenced the above in the web.config
<roleManager defaultProvider="myroleprov" enabled="true">
<providers>
<clear/>
<add name="myroleprov" type="myApp.CustomProviders.myroleprov" applicationName="myApp"/>
</providers>
</roleManager>
I think that's about it? Hope it helps.
发布评论
评论(1)
我认为您正在寻找会员提供商: http: //msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx
I think you're looking for the Membership provider: http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx