我有一个 MVC2 站点,现在允许通过 Windows 身份验证访问它,并使用 ASP.net 角色提供程序来提供授权。如果用户名是某些组的成员,我正在尝试为该站点提供一种方法,以允许用户访问该站点,因此我不必在 sql 中注册用户,而只需注册一个具有访问权限的组. 有人知道怎么做吗?有没有快速而肮脏的方法?到目前为止,在我的互联网阅读中,我还没有找到一种快速而肮脏的方法来做到这一点?任何帮助都会很棒。
谢谢
问问题
539 次
1 回答
0
Looking up Role/Group information for a User
ASP.NET provides a useful “Role Management” capability, which allows developers to map users into logical “Roles” that can then be used to better control end-user capabilities and authorization access. For example, as a developer I could create a role called “managers” for my web application, and then limit access to portions of the site to only those users within the “managers” role (note: I will be posting additional recipes in the future that discuss how to fully use the Role Management authorization and capabilities features more).
When using Windows Authentication, ASP.NET allows developers to create and populate roles from multiple sources. For example, a developer could setup the built-in ASP.NET 2.0 SqlRoleProvider to map Windows users to custom application roles that are store within a database. This approach is very useful for scenarios where there might be application-specific role mappings that don’t make sense to push into a centralized Active Directory tree/store.
ASP.NET also makes it easy to access central Windows and Active Directory group mappings from within an application as well. For example, if there is a Windows group on the Active Directory network called “DOMAIN\managers”, an ASP.NET application could lookup whether the current Windows authenticated user visiting the ASP.NET site belongs to this group by writing code like this:
If User.IsInRole("DOMAIN\managers") Then
Label1.Text = User.Identity.Name & " is a manager"
Else
Label1.Text = User.Identity.Name & " is not a manager"
End If
Note that the role/group look-up is done via the “User.IsInRole(rolename)” method that is a peer of the User.Identity.Name property.
于 2011-10-20T17:28:33.127 回答