如何在集成Windows身份验证中使用角色
我正在研究使用Web API 2在ASP.NET MVC 5中实现的Web应用程序.
I'm working on a Web Application implemented in ASP.NET MVC 5 with Web API 2.
我通过将以下代码添加到web.config中来实现集成Windows身份验证:
I've implemented Integrated Windows Authentication by adding the following code to web.config:
<system.web>
<authentication mode="Windows" />
</system.web>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
,并在控制器顶部添加[Authorize]注释.
and by adding [Authorize] annotation on top of my controllers.
现在,系统要求我根据用户角色授予对某些功能的访问权限.我有一个保存用户权限的表,但我不知道如何创建这些角色并将正确的权限与它们相关联.
Now, I'm asked to give access to some functionality based on the user's role. I've got a table where I hold the user permissions, but I don't know how I can create those roles, and associate the right permissions with them.
任何帮助将不胜感激.
预先感谢
[更新]
根据梅森的回答,我对代码进行了一些更新.
Based on mason's answer, I've updated the code a bit.
将以下行添加到web.config:
Added the following line to web.config:
<roleManager defaultProvider="MyRoleProvider">
<providers>
<add
name="MyRoleProvider"
type="MyApp.App_Start.MyRoleProvider"
applicationName="My Tool" />
</providers>
</roleManager>
MyRoleProvider.cs:
MyRoleProvider.cs:
public class MyRoleProvider : RoleProvider
{
private MyEntities db = new MyEntities();
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
throw new NotImplementedException();
}
public override string ApplicationName
{
get;
set;
}
public override void CreateRole(string roleName)
{
throw new NotImplementedException();
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
throw new NotImplementedException();
}
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
throw new NotImplementedException();
}
public override string[] GetAllRoles()
{
throw new NotImplementedException();
}
public override string[] GetRolesForUser(string username)
{
throw new NotImplementedException();
}
public override string[] GetUsersInRole(string roleName)
{
throw new NotImplementedException();
}
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
throw new NotImplementedException();
}
public override bool IsUserInRole(string username, string roleName)
{
vUser user = db.vUsers.Where(u => u.UserName == username).First();
if (roleName == "User")
{
if (user.IsAllowedToView == true)
{
return true;
}
else
{
return false;
}
}
else if (roleName == "Administrator")
{
if (user.IsAllowedToSubmit == true)
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
public override bool RoleExists(string roleName)
{
if (roleName == "User" || roleName == "Administrator")
{
return true;
}
else
{
return false;
}
}
}
当我在控制器上使用[Authorize]批注并调用HttpContext.Current.User.Identity.Name时,它将返回用于登录计算机的ID. (广告的一部分)但是,如果我使用[Authorize(Roles ="User")],它会不断询问我的用户名和密码,并且不接受任何内容.我在MyRoleProvider类的每个方法上都设置了断点,但是该程序并没有停止,这让我觉得也许甚至没有在调用该提供程序.
When I use [Authorize] annotation on my controllers, and call HttpContext.Current.User.Identity.Name it returns the ID that I use to login to my machine. (Part of AD) But, if I use [Authorize(Roles="User")], it keeps asking for my username and password again and again, and doesn't accept anything. I put breakpoints to every single method on MyRoleProvider class, but the program hasn't stopped at any which makes me think maybe it is not even calling the provider.
public override string[] GetRolesForUser(string username)
{
var userrole = from role in db.roles
where username == role.userID
select role.role1;
if (userrole != null)
return userrole.ToArray();
else
return new string[] { };
//throw new NotImplementedException();
}
此功能应进行编辑.