Extending Windows Authentication in ASP.NET MVC 3 Application


Problem description

After a lot of googling and reading several solutions on how to manage mixed mode authentication in ASP.NET apps, I still have no fitting solution for my problem.

I've got to implement an intranet application for a bunch of different user groups. Until now I've used Windows authentication, which was very simple to implement. My problems arise when it comes to authorizing user groups for special application functionalities.

Using [Authorize(Users = "DOMAIN\\USER")] works great, but because I have no access to the Active Directory management, it is impossible for me to configure role management in the way I need it for my application.

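What I would like to do is define custom roles and memberships in addition to the ones defined in Active Directory (is such an extension possible? E.g. by implementing my own MembershipProvider?).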

What do you think is the best solution for my problem? Do I really have to implement a complex mixed mode authentication with forms authentication in addition to Windows authentication?

Technologies used:

  • MS SQL Server 2008
  • MS VS 2010
  • ASP.NET MVC 3 - Razor View Engine
  • Telerik Extensions for ASP.NET MVC
  • IIS 7 on Windows Server 2008

EDIT (final solution thanks to the help of dougajmcdonald):

After being pointed to a custom IPrincipal implementation, I found some solutions here (http://smehrozalam.wordpress.com/2009/01/01/using-customprincipal-with-forms-authentication-in-aspnet/) and here (http://jbaurle.wordpress.com/2007/07/24/creating-custom-windows-authentication-roles-in-asp-net-2/). Putting everything together I came to the following solution:

1. Create a custom principal implementation:

using System.Collections.Generic;
using System.Security.Principal;

public class MyPrincipal : WindowsPrincipal
{
    // Application-defined roles, checked in addition to the Windows groups
    List<string> _roles;

    public MyPrincipal(WindowsIdentity identity) : base(identity) {
        // fill roles with a sample string just to test if it works
        _roles = new List<string>{"someTestRole"};
        // TODO: Get roles for the identity out of a custom DB table
    }

    public override bool IsInRole(string role)
    {
        // True if the user is in the Windows group OR holds the custom role
        return base.IsInRole(role) || _roles.Contains(role);
    }
}

2. Integrate my custom principal implementation into the application through extending the "Global.asax.cs" file:

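    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (Request.IsAuthenticated)
        {
            // Only wrap Windows identities; a direct cast would throw for any other identity type
            WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity;
            if (wi != null)
            {
                // Replace the default principal so [Authorize(Roles = ...)] consults the custom roles
                HttpContext.Current.User = new MyPrincipal(wi);
            }
        }
    }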

3. Use my custom roles for authorization in my application:

public class HomeController : Controller
{
    [Authorize(Roles= "someTestRole")]
    public ActionResult Index()
    {
        ViewBag.Message = "Welcome to ASP.NET MVC!";

        return View();
    }
}

It works!!! yeah!

Recommended answer

I'm not sure if this still applies in MVC, but in Webforms one way to do this would be as follows:


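  1. Create a new IPrincipal implementation, perhaps extending WindowsPrincipal
  2. In this class, give it a collection of roles (your own custom roles)
  3. Populate those roles, perhaps by getting them from the DB.
  4. Override IsInRole to return true if the role provided is EITHER true from the base call (WindowsAuthentication/Role) OR from your own custom role collection.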

This way you can still hook into Principal.IsInRole("MyRole") and also the principal [PrincipalPermission()] annotation.

Hope it helps.

EDIT in answer to Q's:

To integrate the principal into the authorisation you need to write your own method for OnAuthenticate in the global.asax for the type of authentication, so I would guess for you, something like this:

void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs e)
{
    // ensure we have a name and made it through authentication
    if (e.Identity != null && e.Identity.IsAuthenticated)
    {
        //create your principal, pass in the identity so you know what permissions are tied to
        MyCustomePrincipal opPrincipal = new MyCustomePrincipal(e.Identity);            
        //assign your principal to the HttpContext.Current.User, or perhaps Thread.Current
        HttpContext.Current.User = opPrincipal;    
    }
}

I believe Authorize came in at a later date to the PrincipalPermission, but I'm not too sure as to when/why of the differences I'm afraid :( - sorry!
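
Added example, not part of the original question or answer: one way to fill in the "get roles out of a custom DB table" step that both posts leave open, with a parameterized lookup and a short per-user cache. The class name `DbRolePrincipal`, the table `dbo.AppUserRoles(Login, Role)`, the connection string name `AppDb` and the 5-minute lifetime are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

// Hypothetical principal: Windows groups plus roles from an assumed table dbo.AppUserRoles.
public class DbRolePrincipal : WindowsPrincipal
{
    private readonly HashSet<string> _roles;

    public DbRolePrincipal(WindowsIdentity identity) : base(identity)
    {
        // The principal is rebuilt on every request, so cache the lookup per login.
        // A short absolute lifetime bounds how long a revoked role keeps working.
        string key = "approles:" + identity.Name.ToUpperInvariant();
        _roles = HttpRuntime.Cache[key] as HashSet<string>;
        if (_roles == null)
        {
            _roles = LoadRoles(identity.Name);
            HttpRuntime.Cache.Insert(key, _roles, null, DateTime.UtcNow.AddMinutes(5),
                System.Web.Caching.Cache.NoSlidingExpiration);
        }
    }

    private static HashSet<string> LoadRoles(string login)
    {
        // Case-insensitive set, so custom roles compare like Windows group names.
        var roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT Role FROM dbo.AppUserRoles WHERE Login = @login", conn))
        {
            // Parameterized: the login name is never concatenated into the SQL text.
            cmd.Parameters.Add("@login", SqlDbType.NVarChar, 256).Value = login;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                    roles.Add(reader.GetString(0));
        }
        return roles;
    }
    public override bool IsInRole(string role)
    {
        return base.IsInRole(role) || _roles.Contains(role);
    }
}
```

Used in place of `MyPrincipal` in `Application_AuthenticateRequest`, this makes `[Authorize(Roles = ...)]` accept both Active Directory groups and roles from the table. Since the table now grants application privileges, write access to it should be restricted as tightly as group management in the directory.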
