如何在c＃中创建基于Intranet或ip的asp.net应用程序？ [英] how to create intranet or ip based asp.net application in c#?

问题描述

我们正在开发一个应用程序，需要对办公室中的所有员工以及办公室外的某些员工进行安全和访问，但也希望限制他们在某些条件下根据需要。我知道这可以通过ip地址，基于角色的安全性等来实现安全性。但我希望有人能够对它进行全面了解。

Hi,

We are developing an application which needs to be secured and accessible to all employees in the office and certain employees outside the office but also want to restrict them on certain conditions as per the need. I know this can be achieved by allowing security through ip address, role based security, etc. But I would like someone to put great light on it in order to understand it in full length.

推荐答案

有关ASP.NET身份验证和授权的一般视图，这是一个非常好的视图： ASP.NET身份验证和授权 [ ^ ]



- 在这种情况下，由于多种原因，基于IP的安全性不是一种选择。

- 如果所有用户都来自NT域（ActiveDirectory），则只需将AD用户和安全组分配给IIS应用程序和文件夹即可。但是这种方法仅仅适用于某些静态访问限制，例如除了这些之外根本无法到达。

- 如果您需要在应用程序中进行某种动态的权限验证和授权，这很可能是公司的情况，ASP.NET对它的回答是MembershipProvider和RoleProvider。如果所有域用户都可以，您仍然可以使用NTLM / Kerberos，但您也可以使用表单身份验证。而且默认情况下这有很好的支持。阅读本文： http://www.4guysfromrolla.com/articles/120705-1.aspx [ ^ ]

- 如果您需要更多，可以创建自己的MembershipProvider和RoleProvider，它们可以来自简单的 [ ^ ]真的复杂的 [ ^ ]取决于您的需要。

For a general view on ASP.NET authentication and authorization, this is a really good one: ASP.NET authentication and authorization[^]

- In this scenario ip based security is not an option for several reasons.
- If all users are from an NT domain (ActiveDirectory), than you can simply assign AD users and security groups to IIS applications and folders. But this approach is merely good for some static access restriction, like "other than these can not get there at all".
- If you need some sort of dynamic right authentication and authorization in the application, and this is most likely the case in a company, the ASP.NET answer to it is MembershipProvider and RoleProvider. You can still use NTLM/Kerberos if all all domain users, but you can use form authentication as well. And that has a really good support by default. Read this article: http://www.4guysfromrolla.com/articles/120705-1.aspx[^]
- If you need more, you can make your own MembershipProvider and RoleProvider, that can go from simple ones[^] to really complex ones[^] depending on your need.

这篇关于如何在c＃中创建基于Intranet或ip的asp.net应用程序？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！