ASP.NET Core Authorize AD Groups through web.config

前端未结

关注

 2  1272

长情又很酷 2020-12-13 16:34

In my old .NET MVC app, I could enable Windows Authentication in IIS and disable anonymous. Then in my web.config file I just had to put in this:

2条回答

庸人自扰 (楼主)

2020-12-13 17:03

To expand on Morten_564834's answer, here is our approach for this problem. Create a base controller that all controllers inherit from.

[Authorize(Policy = "AdUser")]
public class FTAControllerBase : Controller
{
    private readonly ApplicationDbContext _db;
    private readonly ILogHandler _logger;

    public FTAControllerBase(ApplicationDbContext DbContext, ILogHandler Logger, IWindowsAccountLinker WinAccountLinker)
    {
        _db = DbContext;
        _logger = Logger;

        /// get registered user via authenticated windows user.
        //var user = WinAccountLinker.LinkWindowsAccount();
    }
}

Then in your other controllers:

public class LettersController : FTAControllerBase
{ ... }

If you want granular permissions on methods:

[Authorize("GenerateLetterAdUser")]
[HttpGet]
public IActionResult Generate()
{
    return View();
}

Startup.cs:

// add authorization for application users
var section = Configuration.GetSection($"AuthorizedAdUsers");
var roles = section.Get();
services.AddAuthorization(options =>
{
    options.AddPolicy("AdUser", policy => policy.RequireRole(roles));
});

AppSettings.json:

"AuthorizedAdUsers": [
"domain\\groupname"
],

0 讨论(0)

查看其它2个回答