is there an authorizeattribute equivalent to just

2019-01-15 18:39发布

站内问答 / 前端开发
1194 2 6

I'm working on a project that will use windows role providers and I want to limit functionality to certain AD groups.

With MVC, I could use an AuthorizeAttribute above my action methods and redirect accordingly. Is there something similar I can do for a standard web forms application (.NET 3.5) that doesn't use MVC?

2条回答
小情绪 Triste *
2楼-- · 2019-01-15 19:40

I know this is an old post but thought I'd share my experience as I just went through this. I did not want to use web.config. I was looking for a way to create an attribute for webforms similar to MVC's implementation. I found a post by Deran Schilling that I used as a basis for the attribute portion.

I created a custom IPrincipal

interface IMyPrincipal : IPrincipal
{
    string MyId { get; }
    string OrgCode { get; }
    string Email { get; }
}

and Principal

public class MyPrincipal : IMyPrincipal
{
    IIdentity identity;
    private List<string> roles;
    private string email;
    private string myId;
    private string orgCode;

    public MyPrincipal(IIdentity identity, List<string> roles, string myId, string orgCode, string email)
    {
        this.identity = identity;
        this.roles = roles;
        this.myId = myId;
        this.orgCode = orgCode;
        this.email = email;
    }

    public IIdentity Identity
    { 
        get { return identity; }
    }

    public bool IsInRole(string role)
    {
        return roles.Contains(role);
    }

    public string Email
    {
        get { return email; }
    }
    public string MyId
    {
        get { return myId; }
    }
    public string OrgCode
    {
        get { return orgCode; }
    }
}

and created an Attribute for usage on the Page

[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class AdminAuthorizationAttribute : Attribute
{
    public AdminAuthorizationAttribute()
    {
        var user = (MyPrincipal)HttpContext.Current.User;

        if (user.IsInRole("MyAdmin"))
            return;

        throw new AccessDeniedException();
    }
}

and created some custom Exceptions

public class AccessDeniedException : BaseHttpException
{
    public AccessDeniedException() : base((int)HttpStatusCode.Unauthorized, "User not authorized.") { }
}

public class BaseHttpException : HttpException
{
    public BaseHttpException(int httpCode, string message) : base(httpCode, message) { }
}

and now I can apply the attribute for usage on a given page

[AdminAuthorization]
public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }
}
查看更多
0人赞 添加讨论(0) 举报
Animai°情兽
3楼-- · 2019-01-15 19:43

You can set this up in web.config with the authorization element. 

<configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Basically domain groups are translated into roles when using <authentication mode="Windows" />. You can read more about it on MSDN

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)