ASP.NET MVC和Windows身份验证与自定义角色 [英] ASP.NET MVC and Windows Authentication with custom roles

问题描述

我想实现我的ASP.NET应用程序MVC2 Windows身份验证。
我随后正式文件提出的所有步骤：

I am trying to implement windows authentication in my ASP.NET MVC2 application. I've followed all the steps suggested by the official documentation:

<authentication mode="Windows" />

<authorization>
  <deny users="?" />
</authorization>

我指定NTLM身份验证。到现在为止还挺好。一切工作正常。
我想检查用户登录的对我的数据库。
我想从我的表中提取角色，然后使用管理自定义属性的授权。结果
我不想使用成员资格和角色提供者。
因为他们已经习惯了互联网应用程序（这是内联网应用）I'already有我的表用户/角色到位。

I've specified NTLM Authentication. So far so good. Everything works fine. I would like to check the users logged-in against my database. I would like to fetch roles from my table and then manage the authorization using a custom attribute.
I don't want to use membership and roles provider. I'already have my tables Users/Roles in place cause they've been used for an Internet App (this is the Intranet App).

在我的互联网应用我不得不在用户输入的数据的形式。该表格​​发布到一个控制器，检查一切，与登录用户的用户（和角色）创建的cookie。

In my Internet App I had a form where the user inputs the data. The form is posted to a controller which checks everything and creates a cookie with the user (and roles) of the logged-in user.

在我的Global.asax我已经被困的AuthenticateRequest事件，我读取cookie和创造，我用遍应用程序来检查的授权自定义主体。

In my global.asax I've trapped the AuthenticateRequest event where I read the cookie and create a custom principal which I use all over the app to check the authorizations.

如何能做到使用Windows身份验证实现这个？

How can I do implement this with Windows Authentication?

推荐答案

只需创建一个新的主体，并将其分配给在Global.asax中用户线（或使用动作过滤器）。

Just create a new principal and assign it to the user and thread in Global.asax (or use an action filter).

protected void Application_AuthenticateRequest(object sender, EventArgs args)
{
  if(HttpContext.Current != null)
  {
     String [] roles = GetRolesFromSomeDataTable(HttpContext.Current.User.Identity.Name);

     GenericPrincipal principal = new GenericPrincipal(HttpContext.Current.User.Identity, roles);

     Thread.CurrentPrincipal = HttpContext.Current.User = principal;
  }
}

如果一个用户没有任何匹配的角色，它们可以从应用程序使用的web.config authoirzation元素禁止：

If a user doesn't have any role that matches, they can be barred from the app using the web.config authoirzation element:

<authorization>
  <allow roles="blah,whatever"/>
  <deny users="*"/>               
</authorization>

这篇关于ASP.NET MVC和Windows身份验证与自定义角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！