在旧的.NET MVC应用程序中,我可以在IIS中启用Windows身份验证并禁用匿名。然后在我的 web.config 文件中,我只需要输入以下内容:
In my old .NET MVC app, I could enable Windows Authentication in IIS and disable anonymous. Then in my web.config file I just had to put in this:
<authorization> <allow roles="Domain\MyADGroupToHaveAccess" /> <deny users="*" /> </authorization>在.NET Core 2.0中,此方法不起作用–正确拒绝匿名,但未授权所有用户
In .NET Core 2.0 this will not work – it denies anonymous correctly, but it authorizes all users no matter what.
如果我这样做:
[Authorize(Roles = "Domain\\MyADGroupToHaveAccess")]在我的 HomeController上,它可以工作,但我不想在我的项目中对此设置进行硬编码,因为在其他环境中需要更改此设置。
on my HomeController, it works, but I don't want to hardcode this setting in my project as it's something that needs to be changed for other environments.
如何使 web.config 与AD授权一起使用?还是有另一种方法不对ASP.NET Core中的设置进行硬编码?
How can I make web.config to work with AD Authorization? Or is there another way to not hardcode this setting in ASP.NET Core?
推荐答案我通过将其设置为策略来解决此问题可以调用 appsettings.json 。这样,有权访问服务器的其他人便可以将组编辑为自己的组。
I solved this by making it into a policy which is able to call appsettings.json. This way other people who have access to the server can then edit the group to their own.
在 Startup.cs :
services.AddAuthorization(options => { options.AddPolicy("ADRoleOnly", policy => policy.RequireRole(Configuration["SecuritySettings:ADGroup"])); }); services.AddMvc(config => { var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); config.Filters.Add(new AuthorizeFilter(policy)); });在 appsettings.json 中(或者也许 appsettings.production.json (如果有不同):
In appsettings.json (or perhaps appsettings.production.json if you have different):
"SecuritySettings": { "ADGroup": "YourDomain\\YourADGroup" }在您的控制器中,您可以使用以下属性装饰它:
In your controllers you can then decorate it with this attribute:
[Authorize(Policy = "ADRoleOnly")]希望这可以帮助其他人
我有仍然想弄清楚如何在全球范围内应用此策略,因此不必授权每个控制器,我想它可以在 services.AddMvc 中完成?
I have still to figure out how to apply this policy globally, so I don't have to authorize every controller, I'd figure it can be done in the services.AddMvc somehow?
更多推荐
ASP.NET Core通过web.config授权AD组
发布评论