基于角色的安全问题 [英] Role-based security problems

问题描述

我正在尝试在我的ASP.NET应用程序中实现基于角色的安全性，

但是，每次执行IsInRole检查时，它总是返回

false ！我的Web.Config文件包含以下条目：


< authentication mode =" Windows" />


以下是返回false的示例代码：

private void Page_Load（object sender，System.EventArgs e）

{

lblOutput.Text = RoleTest（）;

}


private string RoleTest（）

{

//返回Context.User.Identity.Name.ToString（）;

返回Context.User.IsInRole（" MYDOMAIN \ \Administrators"）。 ToString（）;

}


RoleTest（）中的第一行，它返回

Context.User.Identity。名称有效并返回登录的

用户的名称。但是第二行，无论我检查什么，都会返回false

for！


这就是我为实现基于角色的安全所做的一切。有没有必要要做的更多设置？
？我是否必须填充角色，或者

初始化WindowsPrincipal对象，或者是什么？


感谢您的帮助！

I''m trying to implement role-based security in my ASP.NET application,
however, everytime I perform an IsInRole check, it ALWAYS returns
false! My Web.Config file has the following entry:

<authentication mode="Windows" />

Here is sample code that returns false:

private void Page_Load(object sender, System.EventArgs e)
{
lblOutput.Text = RoleTest();
}

private string RoleTest()
{
//return Context.User.Identity.Name.ToString();
return Context.User.IsInRole("MYDOMAIN\\Administrators"). ToString();
}

The first line in RoleTest(), where it returns
Context.User.Identity.Name works and returns the name of the logged on
user. But the second line, always returns false no matter what I check
for!

This is all I have done to implement Role-Based security. Is there
more setup that has to be done? Do I have to populate roles, or
initialize WindowsPrincipal objects, or what?

Thanks for the help!

推荐答案

在web.config文件的system.web部分下，添加以下内容：


< identity impersonate =" ; true" />

那应该可以解决你的问题。


DalePres


MCAD，MCDBA，MCSE


" Jason" < JA ************* @ hotmail.com>在消息中写道

news：11 ********************** @ z14g2000cwz.googlegr oups.com ...

Under the system.web section of your web.config file, add the following:

<identity impersonate="true"/>
That should fix your problem.

DalePres

MCAD, MCDBA, MCSE

"Jason" <ja*************@hotmail.com> wrote in message
news:11**********************@z14g2000cwz.googlegr oups.com...

我正在尝试在我的ASP.NET应用程序中实现基于角色的安全性，但是，每次执行IsInRole检查时，它总是返回
false！我的Web.Config文件包含以下条目：

I''m trying to implement role-based security in my ASP.NET application,
however, everytime I perform an IsInRole check, it ALWAYS returns
false! My Web.Config file has the following entry:

您允许哪些用户进入< authorization>
$ b $中的网站b节？如果允许

匿名访问，服务器不需要验证客户端...


-

Scott
http://www.OdeToCode.com/blogs/scott/


2005年2月5日09:58:04 -0800，Jason < ja ************* @ hotmail.com>

写道：

What users are you allowing into the site in the <authorization>
section? The server doesn''t need to authenticate the client if
anonymous access is allowed...

--
Scott
http://www.OdeToCode.com/blogs/scott/

On 5 Feb 2005 09:58:04 -0800, "Jason" <ja*************@hotmail.com>
wrote:

我正在努力实施基于角色的安全性在我的ASP.NET应用程序中，然而，每次执行IsInRole检查时，它总是返回
false！我的Web.Config文件包含以下条目：

< authentication mode =" Windows" />

以下是返回false的示例代码：

private void Page_Load（object sender，System.EventArgs e）
{
lblOutput。 Text = RoleTest（）;
}
私有字符串RoleTest（）
//
//返回Context.User.Identity.Name.ToString（）; }

RoleTest（）中的第一行，它返回的内容.Context.User.Identity.Name工作并返回登录的名称
用户。但是第二行，无论我检查什么都总是返回false！

这就是我为实现基于角色的安全所做的一切。是否有更多必须要做的设置？我是否必须填充角色，或者初始化WindowsPrincipal对象，或者什么？

感谢您的帮助！

I''m trying to implement role-based security in my ASP.NET application,
however, everytime I perform an IsInRole check, it ALWAYS returns
false! My Web.Config file has the following entry:

<authentication mode="Windows" />

Here is sample code that returns false:

private void Page_Load(object sender, System.EventArgs e)
{
lblOutput.Text = RoleTest();
}

private string RoleTest()
{
//return Context.User.Identity.Name.ToString();
return Context.User.IsInRole("MYDOMAIN\\Administrators"). ToString();
}

The first line in RoleTest(), where it returns
Context.User.Identity.Name works and returns the name of the logged on
user. But the second line, always returns false no matter what I check
for!

This is all I have done to implement Role-Based security. Is there
more setup that has to be done? Do I have to populate roles, or
initialize WindowsPrincipal objects, or what?

Thanks for the help!

这是我的web.config文件：


< system.web>

< identity impersonate =" true" /> ;

< compilation defaultLanguage =" c＃"调试= QUOT;真" />

< customErrors mode =" Off" />

< authentication mode =" Windows" />

< authorization>

< allow users =" *" /> <！ - 允许所有用户 - >

< / authorization>

< trace enabled =" false" requestLimit = QUOT; 10" pageOutput =" false"

traceMode =" SortByTime"设置LocalOnly ="真" />

< sessionState mode =" SQLServer" sqlConnectionString =" *******"

cookieless =" false"超时= QUOT; 20" />

< globalization requestEncoding =" utf-8"的ResponseEncoding = QUOT; UTF-8英寸/>

< /system.web>


我关闭了匿名访问权限，DalePres的建议没有

work。

Here is my web.config file:

<system.web>
<identity impersonate="true"/>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off" />
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="SQLServer" sqlConnectionString="*******"
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>

I have anonymous access turned off, and DalePres'' suggestion didn''t
work.

这篇关于基于角色的安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！