具有Windows身份验证的ASP.NET Core 2.1自定义RoleProvider

本文介绍了具有Windows身份验证的ASP.NET Core 2.1自定义RoleProvider的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在将应用程序从ASP.Net MVC 5框架迁移到新的.Net Core 2.1.

I am migrating applications away from the ASP.Net MVC 5 framework to the new .Net Core 2.1.

我在MVC 5项目中将Windows身份验证与自定义RoleProvider一起使用，如下面的链接所示.

I used Windows Authentication with a Custom RoleProvider in the MVC 5 Projects as shown in the link below.

ASP.NET MVC如何创建自定义角色提供者

我如何在Core 2.1中实现相同功能，因为它似乎不包含RoleProvider功能?

How do I accomplish the same in Core 2.1 as it does not seem to contain RoleProvider capability?

我遇到的每个示例都使用带有IdentityUser和IdentityRole的个人帐户.

Every example I come across uses Individual Accounts with IdentityUser and IdentityRole.

我的用户和角色自定义表:

My custom tables for User and Roles :

public class User { public User() { UserRoles = new HashSet<UserRole>(); } [Key] public string Id { get; set; } [StringLength(50)] [Required] public string Logon { get; set; } //The users Active Directory Username public bool Active { get; set; } public ICollection<UserRole> UserRoles { get; set; } } public class Role { public Role() { UserRoles = new HashSet<UserRole>(); } [Key] public string Id { get; set; } public string Name { get; set; } public ICollection<UserRole> UserRoles { get; set; } }

我添加了一个CustomClaimsPrincipal，它类似于:

I've added a CustomClaimsPrincipal which goes like:

public class CustomClaimsPrincipal : ClaimsPrincipal { private readonly ApplicationDbContext _context; public CustomClaimsPrincipal(ApplicationDbContext context) { _context = context; } public override bool IsInRole(string role) { var currentUser = ClaimsPrincipal.Current.Identity.Name; IdentityUser user = _context.Users.FirstOrDefault(u => u.UserName.Equals(currentUser, StringComparison.CurrentCultureIgnoreCase)); //(ApplicationUser)_context.Users.FirstOrDefault(u => u.UserName.Equals(currentUser, StringComparison.CurrentCultureIgnoreCase)); var roles = from ur in _context.UserRoles.Where(p => p.UserId == user.Id) from r in _context.Roles where ur.RoleId == r.Id select r.Name; if (user != null) return roles.Any(r => r.Equals(role, StringComparison.CurrentCultureIgnoreCase)); else return false; } }

并添加到Startup.cs

and added to Startup.cs

services.AddIdentity<ApplicationUser, IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>(); services.AddScoped<ClaimsPrincipal, CustomClaimsPrincipal>();

但是它似乎仍采用原始ClaimsPrincipal IsInRole函数而不是重写，我认为这是为什么我收到错误消息主域和可信域之间的信任关系失败."

But it still seems to be taking the original ClaimsPrincipal IsInRole function instead of the override which I believe is why I'm getting the error message "The trust relationship between the primary domain and the trusted domain failed."

推荐答案

通常通过声明来管理net core中的自定义权限.您可以通过aspnet身份(如何在ASP.NET中添加声明来完成此操作身份)，也可以编写自己的中间件.

Managing custom permissions in net core is usually done via claims. You can do this via aspnet identity( How to add claims in ASP.NET Identity) or you can write your own middleware.

提出索赔后，您需要创建政策.这是通过ConfigureServices方法中的Startup.cs类完成的.

Once you have claims, you need to create Policies. This is done via the Startup.cs class in the ConfigureServices method.

services.AddAuthorization(options => { options.AddPolicy("HR", policy => policy.RequireClaim("HRTeam")); options.AddPolicy("Helpdesk", policy => policy.RequireClaim("HelpdeskTeam")); });

然后用Authorize属性装饰您的控制器/动作

And then decorate your controllers/actions with the Authorize attribure

[Authorize(Policy="Helpdesk")] public class HelpDeskController : Controller