How to use Active Directory for ASP.Net 5 (MVC6) Intranet application

Problem description

I am developing an intranet application and would like to use the existing organisation's Active Directory for user authentication and policy-based role authorisation.

Can someone point me in the right direction? I am getting a bit confused (well actually a lot confused).

Recommended answer

Per the Authentication and Authorization resources under http://docs.asp.net/en/latest/security/index.html

First, start a new ASP.Net Web Application project and pick the Web Application template, then on the right pane press the "Change Authentication" button and pick "Windows Authentication".

You can now use [Authorize] on a class or method to check basic authentication vs Active Directory. As of RC2 you can simply use the group names, a la [Authorize(Roles=@"DOMAIN\GROUP")]

The now obsolete and cumbersome alternative (still works):

If you look at User.Claims you can see the groupsid keys exist for each of the user's groups. Building off that you can do something like [Authorize(Policy="FOOBAR")] and define it in your Startup.ConfigureServices method via

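        // Policy "FOOBAR" passes when the user holds a groupsid claim
        // whose value matches one of the SIDs listed here.
        services.AddAuthorization(
            o => o.AddPolicy(
                "FOOBAR",
                p => p.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
                    "ENTER GROUP SID")
                ));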

Note that the second param to RequireClaim is a string array to allow for multiple groups.

Also note that you can figure out group IDs via this command line magic: dsquery group -name "ENTER GROUP NAME" | dsget group -sid
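
The SID-based policy from the answer, extended as an added example (not code from the original answer): group names are resolved to SIDs at startup instead of being pasted in from dsquery, and several groups are allowed. It assumes a domain-joined Windows host and the Microsoft.AspNetCore.* namespaces used from RC2 onward; the group names, the policy name "ReportAccess" and ReportsController are hypothetical.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Hypothetical group names; replace with your own DOMAIN\GROUP values.
    private static readonly string[] ReportGroups =
    {
        @"DOMAIN\ReportReaders",
        @"DOMAIN\ReportAdmins",
    };

    // Translate a group name to its SID string. NTAccount.Translate throws
    // IdentityNotMappedException for an unknown name, so a typo stops the
    // application at startup instead of leaving a policy that never matches.
    private static string ToSid(string groupName) =>
        new NTAccount(groupName).Translate(typeof(SecurityIdentifier)).Value;

    public void ConfigureServices(IServiceCollection services)
    {
        string[] sids = ReportGroups.Select(ToSid).ToArray();

        services.AddAuthorization(o => o.AddPolicy(
            "ReportAccess",
            // ClaimTypes.GroupSid is the constant for the groupsid claim URI.
            // Holding any one of the listed SIDs satisfies the requirement.
            p => p.RequireAuthenticatedUser()
                  .RequireClaim(ClaimTypes.GroupSid, sids)));

        services.AddMvc();
    }
}

// Every action on this controller requires the policy defined above.
[Authorize(Policy = "ReportAccess")]
public class ReportsController : Controller
{
    public IActionResult Index() =>
        Content("Authorized as " + User.Identity.Name);
}
```

Matching on SIDs keeps the policy valid if a group is renamed in Active Directory, since the SID does not change with the name.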
