允许允许AD组访问 [英] Allow allow AD Group access

问题描述

我有一个ASP.NET网站，我只允许AD组中的用户访问该网站。我正在使用如下的web.config代码段，但这似乎不起作用：

I have an ASP.NET website and I would like to only allow users in an AD group access to the site. I am using a web.config snippet as below, but this does not seem to work:

<authorization>
        <deny users="*" />
             <add accessType="Allow" roles="DOMAIN\GroupTest" />

        </authorization>

任何建议如何实现此功能的建议都值得赞赏！

Any advice how to implement this is much appreciated!

推荐答案

您需要按以下方式更改配置：

You need to change your configuration as follows:

<configuration>
  <system.web>
    <!-- ... -->
    <authorization>
      <allow roles="DOMAIN\GroupTest" />
      <deny users="*" />
    </authorization>
    <!-- ... -->
  </system.web>
</configuration>

如本文章，ASP.NET会寻找匹配的 allow 或<授予访问权限时使用code> deny 规则。如果首先遇到匹配的 allow 规则，则将授予访问权限。

As described in this article, ASP.NET looks for a matching allow or deny rule when granting access. If a matching allow rule is encountered first, access is granted.

这篇关于允许允许AD组访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！