Windows authentication: allow all users from a domain (MVC)



I have an MVC intranet application that uses Windows authentication. It currently has one controller with three actions.

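The first action (Index) should be available to everyone, and that is no problem. The second and third actions should only be available to users in a specific domain. However, the <Authorize()> tag only gives me 2 options: Roles or Users. I tried using Users and setting it to "DOMAIN\*" and "DOMAIN\?", but that doesn't work.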

I have been searching all over the web but can't seem to find any way to accomplish what I want. I hope someone here can help me!

Use DOMAIN\Domain Users as the role name. It is a built-in group that contains all users in the domain.

Adding to what jrummel mentioned, decorate your controller or action(s) with the following:

[Authorize(Roles = "DOMAIN\\Domain Users")]

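This will only allow users in a specific role (in this case, users of a specific domain) to access the controller/action (depending on which you decorate). Alternatively, you can create your own Authorize attribute for domains: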

using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

/// <summary>
/// Specifies which domains a user should belong to in order to access the decorated
/// controller/action
/// </summary>
public class DomainAuthorizeAttribute : AuthorizeAttribute
{
    private String[] domains = new String[0];
    /// <summary>
    /// List of acceptable domains
    /// </summary>
    public String[] Domains
    {
        get { return this.domains; }
        set { this.domains = value; }
    }
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }
        // User not logged in
        if (!httpContext.User.Identity.IsAuthenticated)
        {
            return false;
        }
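        // No domains to check against: any authenticated user is allowed
        if (this.Domains.Length == 0)
        {
            return true;
        }
        // check if they're on any of the domains specified
        // (role name is DOMAIN\Domain Users, the built-in group of all domain users)
        String[] roles = this.Domains.Select(d => String.Format(@"{0}\Domain Users", d)).ToArray();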
        if (roles.Any(httpContext.User.IsInRole))
        {
            return true;
        }
        return false;
    }
}

Something like that should allow you to do:
[DomainAuthorize(Domains = new[]{ "DOMAIN1", "DOMAIN2" })]

For anyone interested, here is the VB version of the code snippet above:

Imports System
Imports System.Linq
Imports System.Web
Imports System.Web.Mvc

''' <summary>
''' Specifies which domains a user should belong to in order to access the decorated
''' controller/action
''' </summary>
Public Class DomainAuthorizeAttribute
    Inherits AuthorizeAttribute
    Private m_domains As [String]() = New [String](-1) {}
    ''' <summary>
    ''' List of acceptable domains
    ''' </summary>
    Public Property Domains() As [String]()
        Get
            Return Me.m_domains
        End Get
        Set(value As [String]())
            Me.m_domains = value
        End Set
    End Property
    Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
        If httpContext Is Nothing Then
            Throw New ArgumentNullException("httpContext")
        End If
        ' User not logged in
        If Not httpContext.User.Identity.IsAuthenticated Then
            Return False
        End If
        ' No domains to check against: any authenticated user is allowed
        If Me.Domains.Length = 0 Then
            Return True
        End If
        ' check if they're on any of the domains specified
        ' (role name is DOMAIN\Domain Users, the built-in group of all domain users)
        Dim roles As [String]() = Me.Domains.[Select](Function(d) [String].Format("{0}\Domain Users", d)).ToArray()
        For Each r In roles
            If httpContext.User.IsInRole(r) Then
                Return True
            End If
        Next
        Return False
    End Function
End Class

Hope this helps everyone! (All credit goes to Brad Christie)
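
The answers above match the Domain Users group by name. As an added example (not code from any of the answers), the variant below matches the same group by its SID, going one step beyond the thread so that the check does not depend on what the group is called in a given domain. DomainSidAuthorizeAttribute and DomainSids are hypothetical names, the SID in the usage comment is a constructed placeholder, and the code assumes HttpContext.User is a WindowsPrincipal.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

/// <summary>
/// Added example (hypothetical class name): admits members of the Domain Users
/// group of any listed domain, matched by SID rather than by group name.
/// </summary>
public class DomainSidAuthorizeAttribute : AuthorizeAttribute
{
    private string[] domainSids = new string[0];

    /// <summary>Domain SIDs in string form ("S-1-5-21-...").</summary>
    public string[] DomainSids
    {
        get { return this.domainSids; }
        set { this.domainSids = value ?? new string[0]; }
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }
        // Only a Windows-authenticated principal carries group SIDs.
        var principal = httpContext.User as WindowsPrincipal;
        if (principal == null || !principal.Identity.IsAuthenticated)
        {
            return false;
        }
        // Choice made in this example: an empty list denies everyone.
        return this.DomainSids.Any(sid => IsDomainUser(principal, sid));
    }

    private static bool IsDomainUser(WindowsPrincipal principal, string domainSid)
    {
        // <domain SID>-513 is that domain's Domain Users group.
        var group = new SecurityIdentifier(
            WellKnownSidType.AccountDomainUsersSid,
            new SecurityIdentifier(domainSid));
        return principal.IsInRole(group);
    }
}

// Usage with a constructed placeholder SID (not a real domain):
// [DomainSidAuthorize(DomainSids = new[] { "S-1-5-21-1111111111-2222222222-3333333333" })]
```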
