使用Active Directory角色提供MVC4授权 [英] Authorization using active directory role provider MVC4

问题描述

我要建在企业环境内部使用MVC4应用。我使用Windows身份验证，它工作得很好，但我使用Active Directory组作为授权角色有麻烦。

I'm building a MVC4 application for internal use in a corporate enviroment. I use windows authentication, which works fine, but I'm having troubles using Active Directory groups as roles for authorization.

我的web.config看起来是这样的：

My Web.config looks like this:

<authentication mode="Windows" />        
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <clear />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
  </providers>
</roleManager>        
<authorization>
  <deny users="?" />    
</authorization>

当我使用用户权限正常工作：

When I use User authorization it works fine:

[Authorize(Users = @"DOMAIN\User1, DOMAIN\User2")]
public ActionResult Create()
{
    return View();
}

但是当我使用的角色，它只是不要让这组中的用户访问此动作：

But when I use roles, it just don't let users in that group to access this action:

[Authorize(Roles = @"Domain\Group")]
public ActionResult Create()
{
    return View();
}

我也试过指定组不带域，因为我在其他阅读的答复，但没有运气......我想我错过在Web.config的东西，但我不知道是什么...

I also tried specifying the group without the domain as I read in other replies, but no luck... I guess I'm missing something in the Web.config, but I'm not sure what...

我是避免使用自定义的角色提供，因为MVC4应该做到这一点无需自定义角色提供（或至少这是我认为）

I was avoiding to use a custom role provider because MVC4 is supposed to achieve this without a custom role provider (or at least that's what I thought)

谁能帮我？

在此先感谢！

推荐答案

我觉得这是问题。在这里阅读有关的machine.config 一些信息我检查，我不得不申请已经正确的配置。后

I found which was the problem. After reading some info about the machine.config here I checked that I had the correct configuration applied already.

Fianlly我得到了它的工作就像这样：

Fianlly I got it working just like this:

[Authorize(Roles = "Domain\\Group")]
public ActionResult Create()
{
    return View();
}

问题是我输入的团体的方式。

The problem was the way I typed the groups.

我希望这可以帮助其他人。

I hope this can help other people.

这篇关于使用Active Directory角色提供MVC4授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！