问题
I have an ASP.NET website and I would like to only allow users in an AD group access to the site. I am using a web.config snippet as below, but this does not seem to work:
<authorization>
<deny users="*" />
<add accessType="Allow" roles="DOMAIN\GroupTest" />
</authorization>
Any advice how to implement this is much appreciated!
回答1:
You need to change your configuration as follows:
<configuration>
<system.web>
<!-- ... -->
<authorization>
<allow roles="DOMAIN\GroupTest" />
<deny users="*" />
</authorization>
<!-- ... -->
</system.web>
</configuration>
As described in this article, ASP.NET looks for a matching allow or deny rule when granting access. If a matching allow rule is encountered first, access is granted.
来源:https://stackoverflow.com/questions/34069415/allow-allow-ad-group-access