Bon*_*onk 15 asp.net asp.net-mvc asp.net-membership roles
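In our company network, roles in Active Directory (AD) are not properly assigned for my application. So I created a simple table in my database that maps all users in AD to their roles. This table has only two columns, user and role.
I want to take advantage of the powerful role management features in asp.net, and I want to use things like [Authorize(Roles = "Managers")]. Is there an easy way to use these custom roles without setting up complicated role and membership providers?
Application background: sql server, linq, asp.net mvc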
Sha*_*man 12
Implementing a custom role provider is very easy. Basically you need to implement two functions.
See the article: Custom Role Provider for MVC
Article provided in the event the website goes down.
Custom Role Provider for MVC
In a previous article, I explained how to create a Custom Membership Provider to authorize the user and protect controls and pages. But what if you want to show or protect some area, controller or page for a specific group of users? For example, allow access to the Admin Panel only for admins.
In the .NET Framework, the Role Provider exists for this purpose. But again, it uses its own DB to store user roles. So let's create and configure a Custom Role Provider which will use our DB or any other storage. As before, we should override a class from .NET:
For minimum functionality, we need to implement and override two functions, GetRolesForUser and IsUserInRole. The first one is used to get a list of all user roles (or groups):
public override string[] GetRolesForUser(string username)
{
    using (DatabaseEntities db = new DatabaseEntities())
    {
        // Look the user up by user name or e-mail address.
        User user = db.Users.FirstOrDefault(u => u.UserName.Equals(username, StringComparison.CurrentCultureIgnoreCase) || u.Email.Equals(username, StringComparison.CurrentCultureIgnoreCase));

        // Unknown user: return no roles instead of dereferencing null below.
        if (user == null)
            return new string[] { };

        var roles = from ur in user.UserRoles
                    from r in db.Roles
                    where ur.RoleId == r.Id
                    select r.Name;
        return roles.ToArray();
    }
}
As you can see, I locate the user in my DB by the username parameter of the function (in my case it can be a username or email) and create the string list of user roles.
The second function checks whether the user is in the role (or group):
public override bool IsUserInRole(string username, string roleName)
{
    using (DatabaseEntities db = new DatabaseEntities())
    {
        // Look the user up by user name or e-mail address.
        User user = db.Users.FirstOrDefault(u => u.UserName.Equals(username, StringComparison.CurrentCultureIgnoreCase) || u.Email.Equals(username, StringComparison.CurrentCultureIgnoreCase));

        // Unknown user: not in any role. Check before touching user.UserRoles.
        if (user == null)
            return false;

        var roles = from ur in user.UserRoles
                    from r in db.Roles
                    where ur.RoleId == r.Id
                    select r.Name;
        return roles.Any(r => r.Equals(roleName, StringComparison.CurrentCultureIgnoreCase));
    }
}
Then we need to configure the solution in the web.config file to use the created role provider. You may need to set cacheRolesInCookie to false for debugging purposes, or behavior will be unpredictable.
<system.web>
  <compilation debug="true" targetFramework="4.5.2" />
  <httpRuntime targetFramework="4.5.2" />
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
  <roleManager cacheRolesInCookie="true" defaultProvider="KitsulaRoleProvider" enabled="true">
    <providers>
      <clear />
      <add name="KitsulaRoleProvider" type="Kitsula.Security.KitsulaRoleProvider" />
    </providers>
  </roleManager>
</system.web>
Now you can protect controllers, actions, and pages for a specific group of users in the specified roles by setting the Authorize attribute:
using System;
using System.Web.Mvc;

namespace Kitsula.Areas.Admin.Controllers
{
    [Authorize(Roles = "Administrators")]
    public class HomeController : Controller
    {
        //
        // GET: /Admin/Home/
        public ActionResult Index()
        {
            return View();
        }
    }
}
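A read-only provider for the two-column user/role table described in the question, as an added example that is not from the question, the answer or the quoted article. The class name, the sample rows and the DOMAIN\user name format are assumptions, and the in-memory list stands in for the query against that table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Security;

// Hypothetical name; register it in web.config the same way as KitsulaRoleProvider.
public class TableRoleProvider : RoleProvider
{
    // Constructed sample rows standing in for the (user, role) table. Assumes the
    // table stores names in the DOMAIN\user form that Windows authentication supplies.
    private static readonly List<KeyValuePair<string, string>> Rows =
        new List<KeyValuePair<string, string>>
        {
            new KeyValuePair<string, string>(@"CORP\alice", "Managers"),
            new KeyValuePair<string, string>(@"CORP\alice", "Staff"),
            new KeyValuePair<string, string>(@"CORP\bob", "Staff"),
        };

    public override string ApplicationName { get; set; }

    // Fail closed: an empty or unknown user name yields no roles, so
    // [Authorize(Roles = "...")] denies the request. Ordinal comparison keeps
    // the match independent of the server's culture settings.
    public override string[] GetRolesForUser(string username)
    {
        if (string.IsNullOrWhiteSpace(username)) return new string[0];
        return Rows.Where(r => string.Equals(r.Key, username, StringComparison.OrdinalIgnoreCase))
                   .Select(r => r.Value).Distinct(StringComparer.OrdinalIgnoreCase).ToArray();
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        return GetRolesForUser(username).Contains(roleName, StringComparer.OrdinalIgnoreCase);
    }

    public override string[] GetAllRoles() { return Rows.Select(r => r.Value).Distinct(StringComparer.OrdinalIgnoreCase).ToArray(); }
    public override bool RoleExists(string roleName) { return GetAllRoles().Contains(roleName, StringComparer.OrdinalIgnoreCase); }

    // Roles are maintained in the table directly, so write and search members are unsupported.
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
}
```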