C#用户访问角色 [英] C# user access roles

问题描述

在C#2008桌面应用程序中，我需要更改应用程序，因为所有用户都从一个域移动到新域.当前应用程序不允许用户访问新域名下的信息.
为了实现此目标，我想看看从我本人开始为那些用户设置了哪些角色.
为了实现此目标，我想知道如何访问这些角色.

我确实知道，当我查看:Thread.CurrentPrincipal.Identity.Name时，我可以访问此人的名字.我也知道，如果我使用System.Security.Principal.WindowsIdentity.GetCurrent()，则会得到相同的信息.

但是，您能否在代码中告诉我以下内容如何访问子类别:
1. Thread.CurrentPrincipal.Identity
2. System.Security.Principal.WindowsIdentity

您可以告诉我或告诉我如何通过代码实现此目标吗?

In a C# 2008 desktop application, I need change the application since all the users are moving from one domain to new domain. The current application does not let the user access information under the new domain name.
To accomplish this goal, I would like to see what roles have been setup for those users starting with myself.
To accomplish this goal, I would like to know how to access those roles.

I do know that when I look at: Thread.CurrentPrincipal.Identity.Name, I can access the person''s name. I also know that if I use System.Security.Principal.WindowsIdentity.GetCurrent(), I get the same information.

However can you tell me in code how to access the subcategories in the following:
1. Thread.CurrentPrincipal.Identity
2. System.Security.Principal.WindowsIdentity

Can you tell me in tell or show me in code how to accomplish this goal?

推荐答案

Hello

我不确定子类别"的含义，但是您可以使用以下示例代码来实现基于角色的安全性；

代码块用于角色检查；

Hello

I am not sure what the mean of "subcategories" but you can use following sample codes for role-based security;

code block for is in role checking;

public bool IsInRole(string role)
{
    bool hasRole = System.Threading.Thread.CurrentPrincipal.IsInRole(role);
    return hasRole;
}

如果您的应用程序以与用户组名称相同的Windows域帐户角色运行.

用于保护方法的样本；

if your application running with a windows domain account role equal to user group''s name.

A sample for securing a method;

public void DoSecureMethod()
{
    // read roles
    bool hasRole1 = IsInRole("Role1");
    bool hasRole2 = IsInRole("Role2");

    if (hasRole1 & hasRole2)
    {
        // do some secure thing here
    }
    else
    {
        throw new ApplicationException("Your account has not enough right for to doing something...");
    }
}

另一种选择是使用确定性安全性；

other alternate is using declerative security;

[PrincipalPermission(SecurityAction.Demand, Role = "Role1")]
public void DoAnotherSecureMethod()
{
    // this block secured by PrincipalPermissionAttribute, current user must have the role 'Role1'
}

问候，
Tarik K.

Regards,
Tarik K.

这篇关于C#用户访问角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！