如何使用.Net Core

时间:2016-08-11 11:29:41

标签: authorization asp.net-core

我正在尝试使用Authorize注释停止路由上的请求,但我无法使用Active Directory。有人有这个工作吗?

[HttpGet]
[Authorize(Roles = "DOMAIN\\Group A")]
[Route("/")] // GET: /
public IActionResult Index()
{
    return View();
}

注意:我也尝试了Authorize(Roles = @"DOMAIN\\Group A")

为了给出一些背景知识,我正在运行Windows,Visual Studio Pro 2015(更新3)

来自我的project.json文件:

"dependencies": {
    "Microsoft.AspNetCore.Authorization": "1.0.0",
    "Microsoft.AspNetCore.Mvc": "1.0.0",
    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0",
    "Microsoft.Extensions.Configuration.CommandLine": "1.0.0",
    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0",
    "Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
    "Microsoft.Extensions.Configuration.Json": "1.0.0",
    "Microsoft.Extensions.Logging": "1.0.0",
    "Microsoft.Extensions.Logging.Console": "1.0.0",
    "Microsoft.Extensions.Logging.Debug": "1.0.0",
    "Microsoft.Extensions.Options.ConfigurationExtensions": "1.0.0",
    "Microsoft.NETCore.App": {
      "version": "1.0.0",
      "type": "platform"
    },
    "Swashbuckle.SwaggerGen": "6.0.0-beta901",
    "Swashbuckle.SwaggerUi": "6.0.0-beta901"
  }

2 个答案:

答案 0 :(得分:12)

您是否为IIS和应用程序配置了集成身份验证?

在您的web.config中,您是否设置了asp.net核心模块以转发Windows身份,方法是设置forwardWindowsAuthToken="true" 

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" 
        modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" 
      arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" 
      stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true" />
  </system.webServer>
</configuration>

在您的program.cs中,您是否已探测到与.UseIISIntegration()的IIS集成?

var host = new WebHostBuilder()
    .UseKestrel()
    .UseContentRoot(Directory.GetCurrentDirectory())
    .UseIISIntegration()
    .UseStartup<Startup>()
    .Build();

您是否在Startup.cs中的ConfigureServices()方法中添加了授权并将其放在AddMvc()之前?

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorization();
    services.AddMvc();
}

当我拥有所有这些东西时,我可以根据角色愉快地进行授权,例如我将[Authorize(Roles = "REDMOND\\scottgu_org_fte")]放在我的家庭控制器上,然后我就可以了。

使用@"REDMOND\\scottgu_org_fte"将无法正常工作,因为这会使字符串文字verbatim,因此它正在尝试评估Domain\\group,并且双斜杠是错误的。 @"REDMOND\scottgu_org_fte"会起作用。

答案 1 :(得分:0)

如果您只是希望按照标准MVC允许/拒绝用户,并使用IIS反向代理到Kestrel,那么您可以添加web.config并添加

<system.webServer>
  <security>
    <authorization>
      <remove users="*" roles="" verbs="" />
      <add accessType="Allow" roles="my AD User Group" />
      <add accessType="Allow" roles="uk\myUsercode" />
    </authorization>
  </security>
</system.webServer>
相关问题
最新问题