Mic*_*ine 8 asp.net-mvc fluent-security
在我的ASP.NET MVC 4应用程序中,我使用Intranet模板来实现Windows身份验证.我也在使用Fluent Security.
开箱即用,我可以使用下面显示的注释来限制对特定域组或域用户的控制器方法的访问.
[Authorize(Roles=@"Domain\GroupName")]
public ActionResult Index()
{
ViewBag.Message = "Modify this template to jump-start your ASP.NET MVC application.";
return View();
}
[Authorize(Users=@"Domain\UserName")]
public ActionResult About()
{
ViewBag.Message = "Your app description page.";
return View();
}
如何使用Fluent Security将这两种方法限制为同一域组和域用户?如果那更容易,我对用户比对用户更感兴趣.我是否需要构建自定义策略?如果是这样,我不太确定如何检查经过身份验证的用户是否在域组中以返回Fluent Security的正确角色?
我已经完成了FluentSecurity的入门,所以我知道如何实现FluentSecurity的基础知识,我只是不确定如何使用域组作为角色.
谢谢!
我可能找到了一种使用域组作为角色的方法。我已经调整了 Fluent Security 入门页面中的扩展示例。
在 Global.asax.cs 中:
SecurityConfigurator.Configure(configuration =>
{
// Let Fluent Security know how to get the authentication status of the current user
configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);
// Let Fluent Security know how to get the roles for the current user
configuration.GetRolesFrom(System.Web.Security.Roles.GetRolesForUser);
// This is where you set up the policies you want Fluent Security to enforce
configuration.For<HomeController>().Ignore();
configuration.For<AccountController>().DenyAuthenticatedAccess();
configuration.For<AccountController>(x => x.ChangePassword()).DenyAnonymousAccess();
configuration.For<AccountController>(x => x.LogOff()).DenyAnonymousAccess();
configuration.For<BlogController>(x => x.Index()).Ignore();
configuration.For<BlogController>(x => x.AddPost()).RequireRole(@"Domain\Writers");
configuration.For<BlogController>(x => x.AddComment()).DenyAnonymousAccess();
configuration.For<BlogController>(x => x.DeleteComments()).RequireRole(@"Domain\Writers");
configuration.For<BlogController>(x => x.PublishPosts()).RequireRole(@"Domain\Owners");
// To authorize the Home Controller Index Action as in my original question
configuration.For<HomeController>(c => c.Index()).RequireRole(@"Domain\GroupName");
});
GlobalFilters.Filters.Add(new HandleSecurityAttribute(), 0);
在 Web.config 中:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
<roleManager defaultProvider="WindowsProvider"
enabled="true"
cacheRolesInCookie="false">
<providers>
<add
name="WindowsProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
我还没有找到授权单个用户的方法,但我们都知道无论如何使用组通常是最佳实践。
有更好的方法吗?
| 归档时间: |
|
| 查看次数: |
1504 次 |
| 最近记录: |