aspnet 5(MVC6)Windows身份验证+角色+授权属性 [英] aspnet 5 (MVC6) Windows Auth + roles + Authorize attribute

问题描述

我有一个在aspnet 5 MVC 6上使用Windows Auth的应用程序(使用IIS + IISPlatformHandler的Obv)

I have an app that uses Windows Auth on aspnet 5 MVC 6 (obv using IIS + IISPlatformHandler)

如何限制AD组对控制器的访问?

How can I restrict access to a controller by AD group?

我已经尝试执行以下操作，但是它不起作用:(当我查看用户声明时，我看到许多组和声明看起来像SID的{S-1-5-4}

I have tried doing something like the following, but it won't work :( When I look at my user claims I see many groups and claims that look like SID's ex. {S-1-5-4}

[Authorize(Roles = "DOMAIN\\GROUP")
public class myController : Controller{...}

推荐答案

截至2016年7月，我发现以下内容现在可用于.NET Core RTM(WebAPI):

As of July 2016, I find the following now works with .NET Core RTM (WebAPI):

[Authorize(Roles = @"DOMAIN\Group")]

如果您还想测试，这里是project.json依赖项:

Here are the project.json dependencies in case you would also like to test:

{
  "title": "My App",
  "copyright": "2016",
  "description": "WebAPI",
  "dependencies": {
    "Microsoft.AspNetCore.Mvc": "1.0.0",
    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0",
    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0",
    "Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
    "Microsoft.Extensions.Configuration.Json": "1.0.0",
    "Microsoft.Extensions.Logging": "1.0.0",
    "Microsoft.Extensions.Logging.Console": "1.0.0",
    "Microsoft.Extensions.Logging.Debug": "1.0.0",
    "Microsoft.Extensions.Options.ConfigurationExtensions": "1.0.0",
    "Microsoft.NETCore.App": {
      "version": "1.0.0",
      "type": "platform"
    },
    "Newtonsoft.Json": "9.0.1",
    "NLog.Extensions.Logging": "1.0.0-rtm-alpha2"
  },

这篇关于aspnet 5(MVC6)Windows身份验证+角色+授权属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！