我有一个使用Windows身份验证的ASP.NET/C#应用程序。我正在尝试根据AD用户所属的组来控制权限,但通过web.config似乎无法实现。
我还在代码隐藏文件中添加了一些测试代码,它的表现也很奇怪:
// Diagnostic probe: two role checks that differ in both the API used and the
// format of the group name, so the result does not isolate which difference matters.
// Check 1: goes through the Roles API (the configured role provider) and passes the
// bare group name with no domain qualifier.
// NOTE(review): a Windows-token role provider matches groups in DOMAIN\group form,
// so a bare name presumably never matches - confirm by retrying with the qualified name.
if (Roles.IsUserInRole("STP Admin"))
{
// No-op assignment; presumably only an anchor for a debugger breakpoint.
int j = 1;
}
// Check 2: asks the current principal and passes the domain-qualified group name.
// Authorization rules in web.config should use the name format that matches here.
if (User.IsInRole(@"DOMAINNAME\STP Admin"))
{
// No-op assignment; presumably only an anchor for a debugger breakpoint.
int i = 1;
}
第一个if块不起作用,但第二个块起作用。所以我相信这告诉我应用程序可以/正在与AD通信。
这是我的web.config,我希望把授权规则放在这里,但它无法正确授予权限。即使我属于这些组,访问这些路径时仍然被拒绝,而上面的代码已经证明我确实属于这些组。
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<!-- Registers the handlers for the custom loggingConfiguration and dataConfiguration sections.
     Both handler assemblies are referenced by full strong name (version 4.1.0.0 plus public key token).
     Only loggingConfiguration actually appears later in this file. -->
<configSections>
<section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</configSections>
<loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
<!-- Two log destinations are defined here. -->
<listeners>
<!-- Audit destination: writes through the WriteAuditLog / AddAuditCategory stored procedures
     on the database instance named STPDB, so the audit trail depends on that connection string. -->
<add databaseInstanceName="STPDB" writeLogStoredProcName="WriteAuditLog" addCategoryStoredProcName="AddAuditCategory" formatter="Custom Audit Database Formatter" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Database.Configuration.FormattedDatabaseTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.Database.FormattedDatabaseTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Database Trace Listener"/>
<!-- General destination: writes to the Application event log under the source
     "Enterprise Library Logging"; the empty machineName presumably means the local machine. -->
<add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener"/>
</listeners>
<formatters>
<!-- Formatter referenced by the database (audit) listener: emits only the
     extended-properties dictionary as "key - value" pairs. -->
<add template="{dictionary({key} - {value})}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Custom Audit Database Formatter"/>
<!-- Formatter referenced by the event-log listener. The template records machine, process and
     thread details plus every extended property, so callers should keep credentials and
     personal data out of the extended-properties dictionary. -->
<add template="Timestamp: {timestamp}
Message: {message}
Category: {category}
Priority: {priority}
EventId: {eventid}
Severity: {severity}
Title:{title}
Machine: {machine}
Application Domain: {appDomain}
Process Id: {processId}
Process Name: {processName}
Win32 Thread Id: {win32ThreadId}
Thread Name: {threadName}
Extended Properties: {dictionary({key} - {value}
)}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter"/>
</formatters>
<!-- Routing of log categories to listeners. -->
<categorySources>
<!-- "Audit" entries go only to the database listener. -->
<add switchValue="All" name="Audit">
<listeners>
<add name="Database Trace Listener"/>
</listeners>
</add>
<!-- "General" (the defaultCategory declared on loggingConfiguration) goes only to the event log. -->
<add switchValue="All" name="General">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</add>
</categorySources>
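<!-- Catch-all sources. allEvents declares no listener here; entries with an unmatched
     category and errors raised by the logging block itself both go to the event log. -->
<specialSources>
<allEvents switchValue="All" name="All Events"/>
<notProcessed switchValue="All" name="Unprocessed Category">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</notProcessed>
<!-- The ampersand in this name has to be written as an entity reference: a bare ampersand
     in an attribute value makes the file ill-formed XML and the configuration cannot be parsed. -->
<errors switchValue="All" name="Logging Errors &amp; Warnings">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</errors>
</specialSources>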
</loggingConfiguration>
<!-- NOTE(review): a SQL login and its password are stored here in clear text
     (Integrated Security=False), so anyone who can read web.config, a backup of it or a
     repository holding it obtains database credentials. Prefer Integrated Security with a
     least-privilege account, or encrypt this section with protected configuration
     (aspnet_regiis -pe). STPDB is also the database the audit trace listener writes to. -->
<connectionStrings>
<add name="STPDB" connectionString="Data Source=server\;Initial Catalog=DB;user id=usr;pwd=pass;Integrated Security=False" providerName="System.Data.SqlClient"/>
</connectionStrings>
<!-- Application-level values: the sender address for outgoing mail and two display strings.
     No credentials are kept in this section. -->
<appSettings>
<add key="FromEmailAddress" value="stp1@company.com"/>
<add key="TrainingWarning" value="*Note: Training not being recorded for Medical, ..."/>
<add key="PrivacyMessage" value="This Information System Is Subject To The Privacy Act Of 1974"/>
</appSettings>
<system.web>
<!-- NOTE(review): debug="true" is a development setting. Deployed builds should use
     debug="false"; debug compilation disables request time-outs and produces extra
     diagnostic detail. -->
<compilation debug="true" targetFramework="4.0" />
<!-- Runs the application at the Full code-access-security trust level. -->
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
<!-- The caller's identity is the Windows account authenticated by the web server. -->
<authentication mode="Windows"/>
<!-- Site-wide URL authorization. Rules are evaluated top to bottom and the first match wins.
     deny users="?" rejects anonymous requests. The final allow users="*" then admits every
     authenticated user, so the three role rules above it do not restrict anything at this
     level; per-folder restriction is left to the location elements later in this file.
     Note that the role names here are domain-qualified (DOMAIN\group). -->
<authorization>
<deny users="?"/>
<allow roles="DOMAIN\STP Training"/>
<allow roles="DOMAIN\STP Personnel"/>
<allow roles="DOMAIN\STP Admin"/>
<allow users="*"/>
</authorization>
<!-- Request code runs under the authenticated caller's Windows identity rather than the
     worker-process identity. The STPDB connection string uses a SQL login, so database
     access is not made as the impersonated user. -->
<identity impersonate="true"/>
<!-- NOTE(review): no connectionStringName attribute is supplied; ActiveDirectoryMembershipProvider
     normally needs one that names an LDAP connection string. Confirm membership is needed at
     all: with Windows authentication the user is already authenticated before the request
     reaches the application. -->
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<clear/>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
<!-- NOTE(review): defaultProvider names "AspNetWindowsTokenRoleProvider", but the only provider
     added in this file is called "WindowsProvider". The default name presumably resolves to an
     entry inherited from machine-level configuration, which leaves "WindowsProvider" unused.
     Either way the provider type is WindowsTokenRoleProvider, which works with group names in
     DOMAIN\group form, so role checks in code and allow roles="..." rules should use the
     domain-qualified name. -->
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
</providers>
</roleManager>
<!-- securityTrimmingEnabled hides site-map nodes the current user is not authorized for.
     It only trims navigation; access control still comes from the authorization rules. -->
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
</providers>
</siteMap>
<!-- NOTE(review): the profile provider points at connectionStringName="ApplicationServices",
     which is not defined in the connectionStrings section of this file. Confirm it is
     inherited from a parent configuration, or remove the provider if profiles are unused. -->
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of an error stack trace.
-->
<!-- mode="RemoteOnly": remote clients receive ErrorPage.aspx, while requests made on the
     server itself still get the detailed error. This keeps stack traces away from remote users. -->
<customErrors mode="RemoteOnly" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx">
</customErrors>
</system.web>
<!-- Folder-level rules for TrainingSec: two role allows followed by a catch-all deny.
     The order is right (allows before the deny; the first matching rule wins).
     NOTE(review): the role names carry no domain qualifier, unlike the DOMAIN\group names in
     the site-wide authorization block. A Windows-token role provider reports groups in
     DOMAIN\group form, so these allows presumably never match and the deny applies to
     every user, including members of the groups.
     NOTE(review): location paths are normally written relative to the application root with
     no leading slash or backslash (path="TrainingSec"); confirm this path resolves to the
     intended folder. -->
<location path="\TrainingSec">
<system.web>
<authorization>
<allow roles="STP Training"/>
<allow roles="STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<!-- Folder-level rules for Manage.
     NOTE(review): rules are evaluated in order and the first match wins, so the allow for
     "Sentry Admin" placed after deny users="*" can never take effect; it has to sit above
     the deny to grant anything. The role names also lack a domain qualifier, and the
     "Sentry" prefix differs from the STP groups used elsewhere in this file: confirm the
     intended group name. -->
<location path="\Manage">
<system.web>
<authorization>
<allow roles="STP Training"/>
<deny users="*"/>
<allow roles="Sentry Admin"/>
</authorization>
</system.web>
</location>
<!-- Folder-level rules for Admin: one role allow, then deny everyone else.
     NOTE(review): the role name has no domain qualifier, so with a Windows-token role
     provider it presumably never matches and the deny locks out every user. A rule that
     fails closed is the safe direction, but it is not the intended access either; use the
     DOMAIN\group form that the site-wide authorization block uses. -->
<location path="\Admin">
<system.web>
<authorization>
<allow roles="STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<!-- Outbound mail goes to an SMTP relay on port 25 with no credentials
     (defaultCredentials="false" and no userName/password attributes).
     NOTE(review): no enableSsl attribute is set, so messages are presumably sent without
     TLS; confirm the relay is reachable only on a trusted internal network. -->
<system.net>
<mailSettings>
<smtp deliveryMethod="Network" from="STP@Company.com">
<network defaultCredentials="false" host="11.111.11.11" port="25"/>
</smtp>
</mailSettings>
</system.net>
<system.webServer>
<!-- Managed modules, URL authorization included, run for every request rather than only
     for ASP.NET handlers, so under the IIS integrated pipeline the allow/deny rules in this
     file also cover static files. -->
<modules runAllManagedModulesForAllRequests="true"/>
<!-- Dashboard.aspx is the only default document; inherited defaults are cleared first. -->
<defaultDocument>
<files>
<clear />
<add value="Dashboard.aspx"/>
</files>
</defaultDocument>
</system.webServer>
</configuration>
答案 0 :(得分:1)
您似乎忘记了角色名称中的域名部分:
<!-- Corrected folder rules: the role names are domain-qualified (DOMAIN\group), the form in
     which a Windows-token role provider reports group membership. Rules are evaluated top to
     bottom and the first match wins, so the two allows must stay above the catch-all deny.
     NOTE(review): location paths are normally written relative to the application root with
     no leading slash or backslash (path="TrainingSec"); confirm this path resolves to the
     intended folder. -->
<location path="\TrainingSec">
<system.web>
<authorization>
<allow roles="DOMAIN\STP Training"/>
<allow roles="DOMAIN\STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>