简体   繁体   中英

using roles in asp.net with windows authentication

I need to use the Roles.GetUsersInRole(role) method to get usernames that should receive an email when an event happens. I am using Windows authentication.

In my web Config:

     <system.web> 
        <authentication mode="Windows" />
        <identity impersonate="false" />
        <roleManager enabled="true"
                 defaultProvider="AspNetWindowsTokenRoleProvider"/>
...
      </system.web>

everything compiles fine however when I call that method I get this error:

{"The configured Role Provider (WindowsTokenRoleProvider) relies upon Windows authentication to determine the groups that the user is allowed to be a member of. ASP.NET Role Manager cannot be used to manage Windows users and groups. Please use the SQLRoleProvider if you would like to support custom user/role assignment."}

Is this a configuration issue? I need to continue to use windows authentication, however I also need to be able to get usernames from the groups.

If there is no configuration setting to accomplish this is there any kind of work around that would get me this functionality?

Thanks

Here is a working sample ASP.NET MVC 4 application that uses windows authentication with SQL Server Role Provider.

In the web.config file under <system.web> section:

<roleManager  enabled="true" defaultProvider="SqlRoleProvider">
  <providers>
    <add name ="SqlRoleProvider"
   type="System.Web.Security.SqlRoleProvider"
   connectionStringName="AspNetMembershipConnString"
   applicationName="MembershipAndRoleProviderSample"/>
  </providers>
</roleManager> 

This tells the asp.net runtime to use Sql role provider and indicates which connection string to use to locate the database.

Because we are using SQL Role Provider, we need a database where users and roles are stored. To create the database use aspnet_regsql.exe command (on my windows 10 pro machine its under C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319) which allows to create the schema that holds the users and roles.

Note: When creating the schema through this tool, make sure the database name is the same as given in your connection string in the web.config file (coming up next).

Back to the web.config file add the connection string

 <connectionStrings>    
    <add connectionString="DATA SOURCE = PersonalLaptop\SQLEXPRESS2014; INITIAL CATALOG = AspNetMembership; INTEGRATED SECURITY = SSPI;"
          name="AspNetMembershipConnString" providerName="System.Data.SqlClient"/>
  </connectionStrings>

Make sure the name of connection string is the same as the one in the sql role provider section.

Note: You dont need the membership provider because you are using Integrated Windows Authentication mode.

Create a role and add a user

There are 2 ways to do this.

1) Open up the SQL database where aspnet_regsql.exe has created the tables and stored procs. Create a new record in aspnet_Users , aspnet_Applications , aspnet_UsersInRoles and aspnet_Roles tables. Since you are using the windows authentication therefore make sure that you add the windows user name (Fully Qualified Domain Name / Local User Name) in the aspnet_Users table.

2) In the HomeController's Index method use the code:

Roles.CreateRole("SuperDuperUsers");
Roles.AddUserToRole("<WindowsUserName>", "SuperDuperUsers");

This will create the role and the user will be added into that role for you.

I have uploaded the sample asp.net mvc 4 application here on github for you.

In the github repo, SqlScriptOfTheDatabase.sql file contains the schema that is created to store the users and roles and their relationship. You can use this instead of using the aspnet_regsql.exe command if you want.

Hope this helps!

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM