如何使用.Net Core授权AD用户 [英] How to Authorize AD users with .Net Core

问题描述

我正在尝试使用Authorize注释停止路由上的请求，但无法使其与Active Directory一起使用.有人有这个工作吗?

I'm trying to stop requests on a route using the Authorize annotation, but I can't get it to work with Active Directory. Had anyone got this working yet?

[HttpGet]
[Authorize(Roles = "DOMAIN\\Group A")]
[Route("/")] // GET: /
public IActionResult Index()
{
    return View();
}

注意:我也尝试过Authorize(Roles = @"DOMAIN\\Group A")

仅提供一些背景知识，我正在运行Windows，Visual Studio Pro 2015(更新3)

Just to give some background, I'm running Windows, Visual Studio Pro 2015 (Update 3)

这里有一些我的project.json文件:

Heres a bit from my project.json file:

"dependencies": {
    "Microsoft.AspNetCore.Authorization": "1.0.0",
    "Microsoft.AspNetCore.Mvc": "1.0.0",
    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0",
    "Microsoft.Extensions.Configuration.CommandLine": "1.0.0",
    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0",
    "Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
    "Microsoft.Extensions.Configuration.Json": "1.0.0",
    "Microsoft.Extensions.Logging": "1.0.0",
    "Microsoft.Extensions.Logging.Console": "1.0.0",
    "Microsoft.Extensions.Logging.Debug": "1.0.0",
    "Microsoft.Extensions.Options.ConfigurationExtensions": "1.0.0",
    "Microsoft.NETCore.App": {
      "version": "1.0.0",
      "type": "platform"
    },
    "Swashbuckle.SwaggerGen": "6.0.0-beta901",
    "Swashbuckle.SwaggerUi": "6.0.0-beta901"
  }

推荐答案

您是否同时为集成身份验证配置了IIS和该应用程序?

Have you configured both IIS and the app for integrated authentication?

在您的web.config中，通过设置forwardWindowsAuthToken="true"

In your web.config do you have the asp.net core module set to forward Windows Identities, by setting forwardWindowsAuthToken="true"

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" 
        modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" 
      arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" 
      stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true" />
  </system.webServer>
</configuration>

在您的program.cs中，您是否了解过与.UseIISIntegration()的IIS集成?

In your program.cs have you plumbed in IIS integration with .UseIISIntegration()?

var host = new WebHostBuilder()
    .UseKestrel()
    .UseContentRoot(Directory.GetCurrentDirectory())
    .UseIISIntegration()
    .UseStartup<Startup>()
    .Build();

您是否已在Startup.cs的ConfigureServices()方法中添加了授权并将其放在AddMvc()之前?

Have you added authorization in your ConfigureServices() method in Startup.cs and put it before AddMvc()?

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorization();
    services.AddMvc();
}

当我准备好所有这些内容后，就可以根据角色高兴地进行授权，例如，将[Authorize(Roles = "REDMOND\\scottgu_org_fte")]放在家庭控制器上，就可以了.

When I have all those things in place I can happily authorize based on roles, for example I put [Authorize(Roles = "REDMOND\\scottgu_org_fte")] on my home controller and I get in just fine.

使用@"REDMOND\\scottgu_org_fte"无效，因为这会使字符串文字 verbatim ，因此它正在尝试评估Domain\\group，并且双斜杠是错误的. @"REDMOND\scottgu_org_fte"仍然可以.

Using @"REDMOND\\scottgu_org_fte" won't work, because that makes the string literal verbatim, so it's trying to evaluate Domain\\group, and double slashes are wrong. @"REDMOND\scottgu_org_fte" would work though.

这篇关于如何使用.Net Core授权AD用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！