允许使用 Windows 身份验证通过组通过用户名访问 MVC 站点
我有一个 MVC2 站点,现在允许通过 Windows 身份验证访问它,并使用 ASP.net 角色提供程序来提供授权。我正在尝试想出一种方法,让网站允许用户访问该网站(如果他的用户名是某些组的成员),这样我就不必在 sql 中注册用户,而只需注册一个具有访问权限的组。有人知道如何做到这一点吗?有没有一种快速而肮脏的方法?到目前为止,在我的互联网浏览中,我还没有找到一种快速而肮脏的方法来做到这一点?任何帮助都会很棒。
谢谢
I have an MVC2 site that now allows access to it via windows authentication and uses ASP.net Role provider to provide authorization. I am trying to come up with a way for the site to allow the user access to the site if his username is a member of certain groups so I won't have to sign up user in sql, but just sign up a group with access. Anybody have any idea how to do this? Is there a quick and dirty way? So far in my internet perusals I haven't found a quick and dirty way to do this? Any help would be great.
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
查找用户的角色/组信息
ASP.NET 提供了有用的“角色管理”功能,它允许开发人员将用户映射到逻辑“角色”,然后可以使用这些角色更好地控制最终用户的功能和授权访问。例如,作为一名开发人员,我可以为我的 Web 应用程序创建一个名为“经理”的角色,然后将网站部分的访问权限限制为“经理”角色中的用户(注意:我将在未来将进一步讨论如何充分利用角色管理的授权和能力功能)。
使用 Windows 身份验证时,ASP.NET 允许开发人员从多个源创建和填充角色。例如,开发人员可以设置内置的 ASP.NET 2.0 SqlRoleProvider,将 Windows 用户映射到存储在数据库中的自定义应用程序角色。对于可能存在特定于应用程序的角色映射(将其推入集中式 Active Directory 树/存储没有意义)的情况,此方法非常有用。
ASP.NET 还可以轻松地从应用程序内访问中央 Windows 和 Active Directory 组映射。例如,如果 Active Directory 网络上有一个名为“DOMAIN\managers”的 Windows 组,则 ASP.NET 应用程序可以通过编写如下代码来查找当前访问 ASP.NET 站点的经过 Windows 身份验证的用户是否属于该组:
请注意,角色/组查找是通过“User.IsInRole(rolename)”方法完成的,该方法是 User.Identity.Name 属性的同级方法。
源代码
http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx< /a>
Looking up Role/Group information for a User
ASP.NET provides a useful “Role Management” capability, which allows developers to map users into logical “Roles” that can then be used to better control end-user capabilities and authorization access. For example, as a developer I could create a role called “managers” for my web application, and then limit access to portions of the site to only those users within the “managers” role (note: I will be posting additional recipes in the future that discuss how to fully use the Role Management authorization and capabilities features more).
When using Windows Authentication, ASP.NET allows developers to create and populate roles from multiple sources. For example, a developer could setup the built-in ASP.NET 2.0 SqlRoleProvider to map Windows users to custom application roles that are store within a database. This approach is very useful for scenarios where there might be application-specific role mappings that don’t make sense to push into a centralized Active Directory tree/store.
ASP.NET also makes it easy to access central Windows and Active Directory group mappings from within an application as well. For example, if there is a Windows group on the Active Directory network called “DOMAIN\managers”, an ASP.NET application could lookup whether the current Windows authenticated user visiting the ASP.NET site belongs to this group by writing code like this:
Note that the role/group look-up is done via the “User.IsInRole(rolename)” method that is a peer of the User.Identity.Name property.
src
http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx