硬编码ASP.NET MVC的角色（数据库外部）并添加Windows身份验证的用户

Question

How would I go about hardcoding a role in ASP.NET MVC within the program itself, rather than through a database, for authentication (and then how could I add people to this role)?

What I'm trying to do is have 3 roles: Progammer, DatabaseAdministrator, and SystemsAdministrator. I'd like to be able to add people to those roles (also hardcoded), and then authenticate people based on role, rather than username. Right now, I am authenticating people like this:

If (@User.Identity.Name == "DOMAIN\\first.m.last")

What I want to be able to do is:

If (@User.Identity.Role == "ROLENAME")

However, I only have three roles and 8 people; I do not want to have to create a table in my database for them. So I'd create the role DatabaseAdministrator, and then add three people into as the string "DOMAIN\\first.m.last". Then, I could have the action populate the view based on their rolename.

Everything I've seen so far has you do it through the database. Would appreciate any help. Thanks!

Answer 1

I am assuming that you are using Windows Authentication.

With that said you can easily authorize based on the users Active Directory Groups. This will keep you out of the database and all you have to do is add a user to an AD group if the users change.

Then you can authorize on the controller or action with this annotation.

[Authorize(Roles = @"DOMAIN\ADGroup")]