IIS and Active Directory Permissions


Question

I have built an ASP.NET website for my company's intranet. It is utilizing Windows authentication; we use Active Directory. What I want to do is restrict certain pages of this website (add, delete) so only a few people can access them. Any ideas on how to do this? I want to create groups in Active Directory so I can just add people to them and they can automatically access these restricted pages.

Thanks for your help.

Recommended answer

You just need to tell ASP.NET what to protect and how. This is done through your web.config settings. For example, if you change your web.config for your ASP.NET application to reflect the following:

<system.web>
     <!-- Windows AD Auth -->
     <authentication mode="Windows" />
     <identity impersonate="true" />
     <authorization>
        <!-- Rules are evaluated top-down and the first match wins, so the deny comes first -->
        <!-- Deny unauthenticated users -->
        <deny users="?" />
        <!-- Only allow authenticated users into the web site -->
        <allow users="*" />
     </authorization>
</system.web>

Then add location config sections that only allow certain roles to visit certain parts of the application. Roles translate to Active Directory Groups, for instance:

<location path="Admin">
    <system.web>
      <authorization>
        <!-- Only allow users of this AD group -->
        <allow roles="BUILTIN\Administrators" />
        <!-- Deny everyone else -->
        <deny users="*" />
      </authorization>
    </system.web>
</location>

This tells ASP.NET to only allow users within the Active Directory Group called "Administrators" to get access to the pages within that folder.

Also, the "path" setting of the location node in the web.config file can be set to individual files of your application if they are not separated out into a folder.

If your app is MVC, the location "path" variable corresponds to the path taken to invoke your endpoints. These are usually specified in your RouteConfig.cs file. For instance, if you have the MVC URLs "website.com/viewA/show" vs "website.com/AdminView/show", the path would be "viewA" to restrict access to viewA and "AdminView" to restrict access to AdminView URLs.
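
ASP.NET URL authorization walks the allow/deny elements top-down, most specific configuration section first, and stops at the first rule that matches, so the order of the rules decides who gets in. The following added example (not part of the original answer, and not ASP.NET's own code) is a simplified Python model of that evaluation; the CONTOSO users and groups are constructed sample values.

```python
# Simplified model of ASP.NET URL authorization (first matching rule wins).
# Not ASP.NET's own code; users and group names below are constructed.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str = ""                      # empty name = anonymous request
    groups: set = field(default_factory=set)

@dataclass
class Rule:
    action: str                         # "allow" or "deny"
    users: str = ""                     # "*", "?", or comma-separated names
    roles: str = ""                     # comma-separated AD groups

    def matches(self, user):
        for u in filter(None, (s.strip() for s in self.users.split(","))):
            if u == "*" or (u == "?" and not user.name) or u.lower() == user.name.lower():
                return True
        wanted = {r.strip().lower() for r in self.roles.split(",") if r.strip()}
        return bool(wanted & {g.lower() for g in user.groups})

def is_allowed(user, *rule_sets):
    """rule_sets run from most specific (<location>) to least specific (site)."""
    for rules in rule_sets:
        for rule in rules:
            if rule.matches(user):
                return rule.action == "allow"
    return True  # assumption: the machine-level default ends in <allow users="*"/>

SITE_OK  = [Rule("deny", users="?"), Rule("allow", users="*")]
SITE_BAD = [Rule("allow", users="*"), Rule("deny", users="?")]  # deny never reached
ADMIN    = [Rule("allow", roles=r"CONTOSO\SiteEditors"), Rule("deny", users="*")]

anonymous = User()
alice = User(r"CONTOSO\alice", {r"CONTOSO\SiteEditors"})
bob   = User(r"CONTOSO\bob", {r"CONTOSO\Staff"})

if __name__ == "__main__":
    for label, site in (("deny-first", SITE_OK), ("allow-first", SITE_BAD)):
        print(label, "site, anonymous:", is_allowed(anonymous, site))
    for u in (alice, bob, anonymous):
        print("Admin path,", u.name or "anonymous", ":", is_allowed(u, ADMIN, SITE_OK))
```
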
