
Custom roles in MVC 5 for Active Directory authentication

So I created a test MVC 5 web application that has "Windows Authentication". Now I want to hide/show/allow access to different parts of the application based on predefined roles. My roles can be hard coded as "Admin" and "User".

That means I need to have a table that holds Windows login names and their roles. Now the question is how can I achieve something similar to the "Authorize" that MVC Identity already provides. Example: [Authorize(Roles="Admin")]. My guess is that this code automatically gets info from table AspNetUserRoles for the logged-in user.

Can I manually create the tables AspNetUsers, AspNetRoles, AspNetUserRoles, then fill them with the required data, and it will work? Passwords in table AspNetUsers can be hardcoded because I will not be using them for login purposes. Please suggest.

What you need is to trace your code to the ClaimsIdentity creation and add a new Claim: ClaimTypes.Role

// Required namespaces:
// using System;
// using System.DirectoryServices.AccountManagement;  // UserPrincipal
// using System.Security.Claims;                       // ClaimsIdentity, Claim, ClaimTypes

private ClaimsIdentity CreateIdentity(UserPrincipal userPrincipal)
{
    var identity = new ClaimsIdentity(
        Startup.MyAuthentication.ApplicationCookie,
        ClaimsIdentity.DefaultNameClaimType,
        ClaimsIdentity.DefaultRoleClaimType);

    identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Active Directory"));
    identity.AddClaim(new Claim(ClaimTypes.Name, userPrincipal.SamAccountName));

    if (userPrincipal.SamAccountName == "flastname"
        || userPrincipal.Name == "FirstName LastName")
    {
        // this will add role to the user, you can add as many as you want
        identity.AddClaim(new Claim(ClaimTypes.Role, "Administrator"));
    }

    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userPrincipal.SamAccountName));
    if (!String.IsNullOrEmpty(userPrincipal.EmailAddress))
    {
        identity.AddClaim(new Claim(ClaimTypes.Email, userPrincipal.EmailAddress));
    }

    // add your own claims if you need to add more information stored on the cookie

    return identity;
}
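The hard-coded name check in the answer can be replaced by the login-name/role table the question describes. The following is an added example, not code from the original post: the `RoleClaims` class, the `RoleTable` rows and the `"ApplicationCookie"` authentication type are assumptions, and the in-memory dictionary stands in for a database table. Role checks such as `[Authorize(Roles="Admin")]` go through `IsInRole`, which reads the role claims added here.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class RoleClaims
{
    // Constructed sample rows: Windows login name (sAMAccountName) -> roles.
    // AD account names are case-insensitive, so the lookup must be as well.
    private static readonly Dictionary<string, string[]> RoleTable =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "flastname", new[] { "Admin", "User" } },
            { "jdoe",      new[] { "User" } },
        };

    public static ClaimsIdentity Build(string samAccountName)
    {
        var identity = new ClaimsIdentity(
            "ApplicationCookie",                    // assumed authentication type
            ClaimsIdentity.DefaultNameClaimType,
            ClaimsIdentity.DefaultRoleClaimType);
        identity.AddClaim(new Claim(ClaimTypes.Name, samAccountName));

        // Deny by default: an account missing from the table gets no role
        // claim at all, so every role-restricted action rejects it.
        string[] roles;
        if (RoleTable.TryGetValue(samAccountName, out roles))
        {
            foreach (var role in roles)
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
        }
        return identity;
    }

    public static void Main()
    {
        // Mixed case, a plain user, and an account that is not in the table.
        foreach (var name in new[] { "FLastName", "jdoe", "unknown" })
        {
            var user = new ClaimsPrincipal(Build(name));
            Console.WriteLine("{0}: Admin={1} User={2}", name,
                user.IsInRole("Admin"), user.IsInRole("User"));
        }
    }
}
```

Keying the lookup on the account name rather than the display name keeps the role decision tied to a value that is unique in the directory.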
