Active Directory membership with Site Map Security Trimming
Problem description
I'm new to .Net 2.0 and I'm not sure what I want is even possible... Are you able to link the security trimming feature of the Site map for a Tree View to Active Directory so that if a user isn't a member of an Active Directory Group, then it won't show that node?
If this is possible I'd really appreciate a simple explanation of the setup I need to implement. My searches on the web have been unsuccessful to try and understand this.
What I have tried so far is having the following in my web.config file:
<authentication mode="Windows"/>
<roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>
<siteMap enabled="true">
  <providers>
    <add name="XmlSiteMapProvider" description="Century Intranet Site map" type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true" />
  </providers>
</siteMap>
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web, Version=2.0.3600, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
<location path="content/GA" allowOverride="false">
  <system.web>
    <authorization>
      <allow roles="[DOMAIN]\[UserGroup]" />
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
And in my page with the site map I have:
<siteMapNode url="Content/NoAccess.aspx" title="shouldn't show" roles="[DOMAIN]\[UserGroup]">
  <siteMapNode url="Content/Allowed.aspx" title="Sample of open access" />
</siteMapNode>
I am able to lock users out of the web form if they are not part of the [UserGroup] - it gives a message saying 'no authorisation' but no matter what I try, I'm unable to stop the node that the user doesn't have access to from showing when the site map builds.
I was thinking that I would have to code this in C# and possibly have the sitemap in a SQL Server database to be called dynamically depending on the user's group memberships but I thought that there should be a lot easier way than this.
Thanks in advance for any help you can give me.
Sandy
Solution
I was able to get this working so thought I'd post my web.config file in the chance that it helps someone else someday.
Cheers
Sandy
<?xml version="1.0"?>
<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <compilation debug="true"/>
    <authentication mode="Windows"/>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
    <!--map the siteMap provider to the xml file Web.sitemap with security trimming enabled to trim nodes different roles see-->
    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>
  <!--access setup - stating what pages / folders people are allowed to see -->
  <!--note the first true condition met for access is used so need to be aware of the ordering of access levels -->
  <!--also you should group your secure pages under folders with the same level of -->
  <!-- access for folder called "content" -->
  <location path="content">
    <system.web>
      <authorization>
        <!--this just says that all users are allowed but that they must know who they are first-->
        <deny users="?"/>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- access for folder called "generalAccess" under folder "content" -->
  <location path="content/generalAccess">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- access for folder called "secure1" under folder "content" Set to no access for anyone -->
  <location path="content/secure/secure1" allowOverride="false">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow roles="[domain]\anyOldGroup" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <!-- access for folder called "secure2" under folder "content"
  Set to allow access for both groups Administrators and Developers which are the group names in AD-->
  <location path="content/secure/secure2" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow roles="[domain]\Administrators, [domain]\Developers" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
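Added example (not part of the original post): a simplified Python model of how security trimming decides whether a node is shown, using three of the location blocks from the web.config above. The EXAMPLE domain, the EXAMPLE\Staff group and the page URLs are constructed assumptions; verbs, per-user names and NTFS file authorization are not modelled. It shows that a roles attribute on a siteMapNode can only widen visibility, so restriction has to come from the URL authorization rules.

```python
import xml.etree.ElementTree as ET

# Constructed sample: three location blocks from the working web.config above,
# with the [domain] placeholder written as EXAMPLE.
WEB_CONFIG = r"""<configuration>
  <location path="content"><system.web><authorization>
    <deny users="?"/><allow users="*"/>
  </authorization></system.web></location>
  <location path="content/secure/secure1"><system.web><authorization>
    <deny users="?"/><allow roles="EXAMPLE\anyOldGroup"/><deny users="*"/>
  </authorization></system.web></location>
  <location path="content/secure/secure2"><system.web><authorization>
    <deny users="?"/>
    <allow roles="EXAMPLE\Administrators, EXAMPLE\Developers"/>
    <deny users="*"/>
  </authorization></system.web></location>
</configuration>"""

def names(value):
    """Split a comma-separated users/roles attribute into a lower-cased set."""
    return {s.strip().lower() for s in (value or "").split(",") if s.strip()}

def load_rules(config_xml):
    """Map each location path to its ordered (action, users, roles) rules."""
    return {loc.get("path").lower(): [
                (r.tag, names(r.get("users")), names(r.get("roles")))
                for r in loc.find("system.web/authorization")]
            for loc in ET.fromstring(config_xml).iter("location")}

def url_allowed(rules, url, groups, authenticated=True):
    """First matching rule wins: most specific folder first, then its parents."""
    parts = url.lower().split("/")[:-1]      # folders containing the page
    while parts:
        for action, users, roles in rules.get("/".join(parts), []):
            if ("*" in users or ("?" in users and not authenticated)
                    or roles & names(",".join(groups))):
                return action == "allow"
        parts.pop()
    return True                              # nothing matched: default allow

def node_visible(rules, url, node_roles, groups, authenticated=True):
    """A roles attribute on a siteMapNode can only add visibility, never remove it."""
    widened = "*" in names(node_roles) or names(node_roles) & names(",".join(groups))
    return bool(widened) or url_allowed(rules, url, groups, authenticated)
```

For a user who is only in EXAMPLE\Staff, a secure2 node with no roles attribute is trimmed, while the same node with roles="EXAMPLE\Staff" is shown even though URL authorization still denies the page.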