my application uses windows authorisation, but I manually specify the users that have access like this:
[Authorize(Users = "domain\\userone, domain\\usertwo, domain\\userthree")]
I was wondering whether I could put a loop in there to loop through a list of users that were return from a database call, so for example a quick mock up that would get a list of users' NT accounts from the database:
List<string> users = new List<String>();
SqlConnection con = new SqlConnection(Properties.Default.ConnectionString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandType = System.Data.CommandType.Text;
cmd.CommandText = @"SELECT NT_ACCOUNT FROM USERS";
SQLDataReader reader = cmd.ExecuteReader();
while(reader.Read())
{
users.Add(reader.GetValue(reader.FieldCount));
}
and a mock up from what I think it would look like for the authorisation:
foreach(String nt_account in users)
{
[Authorize(Users = nt_account)]
}
or perhaps it could be sone easier with a linq query I'm not sure, the above code is just a guess though.
Modify the AuhorizeCore method:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
IPrincipal user = httpContext.User;
if (!user.Identity.IsAuthenticated)
{
return false;
}
//_usersSplit = ListOfAuthorizedNames
if ((_usersSplit.Length > 0 && !_usersSplit.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase)) && (_rolesSplit.Length > 0 && !_rolesSplit.Any(user.IsInRole)))
{
return false;
}
return true;
}
Taken from: https://stackoverflow.com/a/6426328/1057667
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.