[英]ASP.NET MVC and Windows Authentication with custom roles
I am trying to implement windows authentication in my ASP.NET MVC2 application. 我试图在我的ASP.NET MVC2应用程序中实现Windows身份验证。 I've followed all the steps suggested by the official documentation:
我遵循了官方文档建议的所有步骤:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I've specified NTLM Authentication. 我已经指定了NTLM身份验证。 So far so good.
到现在为止还挺好。 Everything works fine.
一切正常。 I would like to check the users logged-in against my database.
我想检查登录我的数据库的用户。 I would like to fetch roles from my table and then manage the authorization using a custom attribute.
我想从我的表中获取角色,然后使用自定义属性管理授权。
I don't want to use membership and roles provider. 我不想使用会员和角色提供者。 I'already have my tables Users/Roles in place cause they've been used for an Internet App (this is the Intranet App).
我已经有我的表用户/角色,因为他们已经被用于互联网应用程序(这是内联网应用程序)。
In my Internet App I had a form where the user inputs the data. 在我的Internet App中,我有一个用户输入数据的表单。 The form is posted to a controller which checks everything and creates a cookie with the user (and roles) of the logged-in user.
表单将发布到控制器,该控制器将检查所有内容并使用登录用户的用户(和角色)创建cookie。
In my global.asax I've trapped the AuthenticateRequest event where I read the cookie and create a custom principal which I use all over the app to check the authorizations. 在我的global.asax中,我已经捕获了AuthenticateRequest事件,在那里我读取了cookie并创建了一个自定义主体,我在整个应用程序中使用它来检查授权。
How can I do implement this with Windows Authentication? 如何使用Windows身份验证实现此功能?
Just create a new principal and assign it to the user and thread in Global.asax (or use an action filter). 只需创建一个新的主体并将其分配给Global.asax中的用户和线程(或使用动作过滤器)。
protected void Application_AuthenticateRequest(object sender, EventArgs args)
{
if(HttpContext.Current != null)
{
String [] roles = GetRolesFromSomeDataTable(HttpContext.Current.User.Identity.Name);
GenericPrincipal principal = new GenericPrincipal(HttpContext.Current.User.Identity, roles);
Thread.CurrentPrincipal = HttpContext.Current.User = principal;
}
}
If a user doesn't have any role that matches, they can be barred from the app using the web.config authoirzation element: 如果用户没有匹配的任何角色,则可以使用web.config authoirzation元素禁止他们访问该应用:
<authorization>
<allow roles="blah,whatever"/>
<deny users="*"/>
</authorization>
Just to add to the above answer, Hope this save some fokes some time. 只是为了补充上面的答案,希望这能节省一些时间。
I have a intranet MVC 5 site with VS 2015. 我有VS 2015的Intranet MVC 5站点。
The code did not work for me until the top line was updated with HttpContext.Current.User. 在使用HttpContext.Current.User更新顶行之前,代码对我不起作用。 The site was giving me null reference to the HttpContext.Current.User if the user wasn't already created in the Database.
如果用户尚未在数据库中创建,则该站点为我提供了对HttpContext.Current.User的空引用。 By adding .User to the first line, it bypassed that code on first load and worked.
通过将.User添加到第一行,它在第一次加载时绕过该代码并运行。
if (HttpContext.Current.User != null)
{
String[] roles = GetRolesFromSomeDataTable(HttpContext.Current.User.Identity.Name);
GenericPrincipal principal = new GenericPrincipal(HttpContext.Current.User.Identity, roles);
Thread.CurrentPrincipal = HttpContext.Current.User = principal;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.