0
我设法通过Active Directory验证创建了MVC5 Web应用程序。但我想限制只有特定用户登录到应用程序。我怎样才能做到这一点?mvc 5仅限受限用户使用登录进行Active Directory身份验证
是否有可能我可以插入到具有受限用户的表AspNetUser,然后只允许这些用户登录到网站。
我设法通过Active Directory验证创建了MVC5 Web应用程序。但我想限制只有特定用户登录到应用程序。我怎样才能做到这一点?mvc 5仅限受限用户使用登录进行Active Directory身份验证
是否有可能我可以插入到具有受限用户的表AspNetUser,然后只允许这些用户登录到网站。
像我用你可以添加一个过滤器:(此过滤器按组)
public class AuthorizeADAttribute : AuthorizeAttribute
{
private readonly IUserProfileRepository _userProfileRepository;
/// <summary>
/// this comes from the web.config
/// </summary>
public string Groups { get; set; }
/// <summary>
/// Override the authorization routine to check if this user is part of 'AllowedOUs' (web.config key; comma delimited)
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (base.AuthorizeCore(httpContext))
{
/* Return true immediately if the authorization is not
locked down to any particular AD group */
if (String.IsNullOrEmpty(Groups))
return true;
// Get the AD groups
var groups = Groups.Split(',').ToList();
// Verify that the user is in the given AD group (if any)
var context = new PrincipalContext(
ContextType.Domain,
WebConfigurationManager.AppSettings["AllowedDomain"]);
var userPrincipal = UserPrincipal.FindByIdentity(
context,
IdentityType.SamAccountName,
httpContext.User.Identity.Name);
try
{
foreach (var group in groups)
{
if (userPrincipal.IsMemberOf(context,
IdentityType.Name,
group))
{ return true; }
}
}
catch //(Exception ex)
{
// not in group
// will fail through to non-authorized page
// can log 'hack' attempts if necessary
}
}
return false;
}
/// <summary>
/// redirect on failure
/// </summary>
/// <param name="filterContext"></param>
protected override void HandleUnauthorizedRequest(
AuthorizationContext filterContext)
{
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
var result = new ViewResult();
result.ViewName = "NotAuthorized";
result.MasterName = "_Layout";
filterContext.Result = result;
}
else
base.HandleUnauthorizedRequest(filterContext);
}
}
,然后在任何类/方法,布置相应:
[AuthorizeAD(Groups = "Implementation Development")]
public class UserProfileController : Controller
{...
是广告里你的服务器?您是使用身份验证还是Windows身份验证? –