1

我有一个使用 Windows 身份验证的 asp.net/c# 应用程序。我正在尝试根据 AD 用户所属的权限来控制权限,但我似乎无法通过 web.config 让它工作。

我还在后面的代码中添加了一些代码,它甚至表现得很奇怪:

if (Roles.IsUserInRole("STP Admin"))
{
    int j = 1;
}

if (User.IsInRole(@"DOMAINNAME\STP Admin"))
{
    int i = 1;
}

第一个 if 块不起作用,但第二个块起作用。所以我相信这告诉我应用程序可以/正在与 AD 通信。

这是我的 web.config ,这是我希望代码去的地方,它不适用于授予权限。即使我在这些组中,它也会拒绝我访问路径,上面的代码证明了这一点。

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <configSections>

    <section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
  </configSections>
  <loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
    <listeners>
      <add databaseInstanceName="STPDB" writeLogStoredProcName="WriteAuditLog" addCategoryStoredProcName="AddAuditCategory" formatter="Custom Audit Database Formatter" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Database.Configuration.FormattedDatabaseTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.Database.FormattedDatabaseTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Database Trace Listener"/>
      <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener"/>
    </listeners>
    <formatters>
      <add template="{dictionary({key} - {value})}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Custom Audit Database Formatter"/>
      <add template="Timestamp: {timestamp}&#xA;Message: {message}&#xA;Category: {category}&#xA;Priority: {priority}&#xA;EventId: {eventid}&#xA;Severity: {severity}&#xA;Title:{title}&#xA;Machine: {machine}&#xA;Application Domain: {appDomain}&#xA;Process Id: {processId}&#xA;Process Name: {processName}&#xA;Win32 Thread Id: {win32ThreadId}&#xA;Thread Name: {threadName}&#xA;Extended Properties: {dictionary({key} - {value}&#xA;)}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter"/>
    </formatters>
    <categorySources>
      <add switchValue="All" name="Audit">
        <listeners>
          <add name="Database Trace Listener"/>
        </listeners>
      </add>
      <add switchValue="All" name="General">
        <listeners>
          <add name="Formatted EventLog TraceListener"/>
        </listeners>
      </add>
    </categorySources>
    <specialSources>
      <allEvents switchValue="All" name="All Events"/>
      <notProcessed switchValue="All" name="Unprocessed Category">
        <listeners>
          <add name="Formatted EventLog TraceListener"/>
        </listeners>
      </notProcessed>
      <errors switchValue="All" name="Logging Errors &amp; Warnings">
        <listeners>
          <add name="Formatted EventLog TraceListener"/>
        </listeners>
      </errors>
    </specialSources>
  </loggingConfiguration> 
  <connectionStrings>
    <add name="STPDB" connectionString="Data Source=server\;Initial Catalog=DB;user id=usr;pwd=pass;Integrated Security=False" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <appSettings>
    <add key="FromEmailAddress" value="stp1@company.com"/>
    <add key="TrainingWarning" value="*Note: Training not being recorded for Medical, ..."/>
    <add key="PrivacyMessage" value="This Information System Is Subject To The Privacy Act Of 1974"/>
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <securityPolicy>
      <trustLevel name="Full" policyFile="internal"/>
    </securityPolicy>
    <authentication mode="Windows"/>
    <authorization>
      <deny users="?"/>
      <allow roles="DOMAIN\STP Training"/>
      <allow roles="DOMAIN\STP Personnel"/>
      <allow roles="DOMAIN\STP Admin"/>
      <allow users="*"/>
    </authorization>
    <identity impersonate="true"/>

    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear/>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, 
                 System.Web, Version=4.0.0.0, Culture=neutral, 
                 PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
      </providers>
    </roleManager>

    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>    

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
        -->

    <customErrors mode="RemoteOnly" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx">
    </customErrors>
  </system.web>

  <location path="\TrainingSec">
    <system.web>
      <authorization>
        <allow roles="STP Training"/>
        <allow roles="STP Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="\Manage">
    <system.web>
      <authorization>
        <allow roles="STP Training"/>
        <deny users="*"/>
        <allow roles="Sentry Admin"/>
      </authorization>
    </system.web>
  </location>

  <location path="\Admin">
    <system.web>
      <authorization>
        <allow roles="STP Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>    
  </location>

  <system.net>
    <mailSettings>
      <smtp deliveryMethod="Network" from="STP@Company.com">
        <network defaultCredentials="false" host="11.111.11.11" port="25"/>
      </smtp>
    </mailSettings>
  </system.net>

  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
    <defaultDocument>
      <files>
        <clear />
        <add value="Dashboard.aspx"/>
      </files>
    </defaultDocument>
  </system.webServer>
</configuration>
4

1 回答 1

2

您似乎忘记了域部分:

  <location path="\TrainingSec">
    <system.web>
      <authorization>
        <allow roles="DOMAIN\STP Training"/>
        <allow roles="DOMAIN\STP Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
于 2013-01-07T13:48:52.263 回答