添加到jrummel提到什么,装点您的控制器或操作有以下:
[Authorize(Roles = "DOMAIN\Domain Users")]
这将只允许在特定角色的用户(在此可以在特定域的用户)访问控制器/行动(取决于你装饰)。另外,您也可以创建自己的授权属性为域的目的:
/// <summary>
/// Specified which domains a user should belong to in order to access the decorated
/// controller/action
/// </summary>
public class DomainAuthorizeAttribute : AuthorizeAttribute
{
private String[] domains = new String[0];
/// <summary>
/// List of acceptable domains
/// </summary>
public String[] Domains
{
get { return this.domains; }
set { this.domains = value; }
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
// User not logged in
if (!httpContext.User.Identity.IsAuthenticated)
{
return false;
}
// No roles to check against
if (this.Domains.Length == 0)
{
return true;
}
// check if they're on any of the domains specified
String[] roles = this.Domains.Select(d => String.Format(@"{0}\Domain Users", d)).ToArray();
if (roles.Any(httpContext.User.IsInRole))
{
return true;
}
return false;
}
}
类似的东西应该让你做的事:
[DomainAuthorize(Domains = new[]{ "DOMAIN1", "DOMAIN2" })]
就是这样,完美!非常感谢你。 – laureysruben