Best approach to user roles with an intranet application

Question

I'm developing an ASP.NET MVC intranet website which needs to have a few different user roles (admin, editor, writer, etc.) and the backend uses SQL Server. I read this post by scottgu (http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx) about role-based security and used that as a starting point. The steps I followed were:

Configured a DB using the asp_regsql.exe application

Set the authentication mode to windows

<authentication mode="Windows" />

Added a connection string entry to the Web.config,

<connectionStrings>
  <add name="SqlRoleManagerConnection" 
       connectionString="Data Source=localhost; Initial Catalog=aspservicedb; Integrated Security=SSPI;" />
</connectionStrings>

Added a roleManager entry to the Web.config section,

<roleManager enabled="true" defaultProvider="sqlRoleManager">
  <providers>
    <clear />
    <add name="sqlRoleManager" type="System.Web.Security.SqlRoleProvider"
         connectionStringName="SqlRoleManagerConnection"
         applicationName="MyApplication" />
  </providers>
</roleManager>

Added some role code into the Application_Start() method of the Global.asax.cs file,

if (!Roles.RoleExists("Editor"))
{
   Roles.CreateRole("Editor");
}
if (!Roles.RoleExists("Writer"))
{
   Roles.CreateRole("Writer");
}
if (!Roles.RoleExists("SiteAdmin"))
{
   Roles.CreateRole("SiteAdmin");
   Roles.AddUserToRole("MYCOMPUTER\\Matt", "SiteAdmin");
}

Modified my controllers to use the roles:

[Authorize(Roles = "SiteAdmin")]
public class SiteAdminController : Controller
{
    // ...
}

And this all seems to work at this point but I'm wondering if there is a better approach to handling roles or if there are problems with this approach. It's easy to convince oneself that the approach is a good one because it worked, but I'd like to take a different approach now rather than later if this isn't the best approach to solving the problem. Elsewhere I'd read someone say this was a "hack" but never really qualified why he wouldn't solve the problem this way. Your thoughts? Do you have a better way to solve this?

Recommended answer

In some of my production MVC apps, I simply use the built-in SQL role provider. It works out of the box; your MVC3 templates will be configured to use it already. Simply open up the admin site from within Visual Studio and manage the security and add your roles, users, users to roles, etc., and that's it. Do not use your web.config to manage what roles have access to what URIs; this has been recommended over and over to stay away from in MVC, as more than one URI could potentially get to a single route, so you use (as you did) the Authorize attribute in conjunction with the automatic role management, and that's all you need. It's pretty simple.
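
The answer's point about URL rules versus the Authorize attribute, as an added example (not code from the original post or from ASP.NET itself): a simplified console model in which RequireRoleAttribute, the route table and the /manage URL are hypothetical stand-ins. It shows a path-prefix rule guarding only one of two URLs that reach the same controller, while the role check attached to the controller covers both.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for System.Web.Mvc.AuthorizeAttribute (assumption, simplified).
[AttributeUsage(AttributeTargets.Class)]
class RequireRoleAttribute : Attribute
{
    public string Role { get; }
    public RequireRoleAttribute(string role) { Role = role; }
}

[RequireRole("SiteAdmin")]
class SiteAdminController { }

static class Demo
{
    // Constructed route table: two URLs reach the same controller.
    static readonly Dictionary<string, Type> Routes = new Dictionary<string, Type>
    {
        ["/SiteAdmin/Index"] = typeof(SiteAdminController),
        ["/manage"]          = typeof(SiteAdminController),
    };

    // URL-based rule, as a <location path="SiteAdmin"> block in web.config would express it.
    static bool UrlRuleAllows(string url, string[] roles) =>
        !url.StartsWith("/SiteAdmin", StringComparison.OrdinalIgnoreCase)
        || roles.Contains("SiteAdmin");

    // Attribute-based rule: resolved from the controller the route maps to, not from the URL.
    static bool AttributeAllows(string url, string[] roles)
    {
        var attr = (RequireRoleAttribute)Attribute.GetCustomAttribute(
            Routes[url], typeof(RequireRoleAttribute));
        return attr == null || roles.Contains(attr.Role);
    }

    static void Main()
    {
        var writer = new[] { "Writer" };   // constructed user without the SiteAdmin role
        foreach (var url in Routes.Keys)
            Console.WriteLine($"{url,-18} url-rule={UrlRuleAllows(url, writer)} attribute={AttributeAllows(url, writer)}");
    }
}
```

For the second URL the path-prefix rule lets the Writer through, while the attribute-based check denies both, because it follows the controller rather than the address.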
