Is there an AuthorizeAttribute equivalent to just standard web forms (not MVC) for .NET

故里飘歌 2020-12-04 01:30

I'm working on a project that will use Windows role providers and I want to limit functionality to certain AD groups.

With MVC, I could use an AuthorizeAttrib

2 answers
  • 2020-12-04 02:17

    You can set this up in web.config with the authorization element.

    <configuration>
      <system.web>
        <authorization>
          <allow roles="domainname\Managers" />
          <deny users="*" />
        </authorization>
      </system.web>
    </configuration>
    

    Basically domain groups are translated into roles when using <authentication mode="Windows" />. You can read more about it on MSDN.

  • 2020-12-04 02:32

    I know this is an old post but thought I'd share my experience as I just went through this. I did not want to use web.config. I was looking for a way to create an attribute for webforms similar to MVC's implementation. I found a post by Deran Schilling that I used as a basis for the attribute portion.

    I created a custom IPrincipal

    interface IMyPrincipal : IPrincipal
    {
        string MyId { get; }
        string OrgCode { get; }
        string Email { get; }
    }
    

    and Principal

    public class MyPrincipal : IMyPrincipal
    {
        IIdentity identity;
        private List<string> roles;
        private string email;
        private string myId;
        private string orgCode;
    
        public MyPrincipal(IIdentity identity, List<string> roles, string myId, string orgCode, string email)
        {
            this.identity = identity;
            this.roles = roles;
            this.myId = myId;
            this.orgCode = orgCode;
            this.email = email;
        }
    
        public IIdentity Identity
        { 
            get { return identity; }
        }
    
        public bool IsInRole(string role)
        {
            return roles.Contains(role);
        }
    
        public string Email
        {
            get { return email; }
        }
        public string MyId
        {
            get { return myId; }
        }
        public string OrgCode
        {
            get { return orgCode; }
        }
    }
    

    and created an Attribute for usage on the Page

    [AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
    public class AdminAuthorizationAttribute : Attribute
    {
        public AdminAuthorizationAttribute()
        {
            var user = (MyPrincipal)HttpContext.Current.User;
    
            if (user.IsInRole("MyAdmin"))
                return;
    
            throw new AccessDeniedException();
        }
    }
    

    and created some custom Exceptions

    public class AccessDeniedException : BaseHttpException
    {
        public AccessDeniedException() : base((int)HttpStatusCode.Unauthorized, "User not authorized.") { }
    }
    
    public class BaseHttpException : HttpException
    {
        public BaseHttpException(int httpCode, string message) : base(httpCode, message) { }
    }
    

    and now I can apply the attribute for usage on a given page

    [AdminAuthorization]
    public partial class Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }
    }
    
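An added example, not code from either answer: an attribute's constructor runs only when the attribute is read through reflection, so this version keeps the attribute as plain data and has a base page enforce it on every request. `RequireRoleAttribute` and `SecuredPage` are hypothetical names, and the role name is the placeholder from the first answer's web.config.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.UI;

// Hypothetical attribute: it only records which roles a page requires.
[AttributeUsage(AttributeTargets.Class, AllowMultiple = true, Inherited = true)]
public sealed class RequireRoleAttribute : Attribute
{
    public string[] Roles { get; private set; }

    public RequireRoleAttribute(params string[] roles)
    {
        // An empty role list would silently allow nobody or everybody; reject it.
        if (roles == null || roles.Length == 0)
            throw new ArgumentException("At least one role is required.", "roles");
        Roles = roles;
    }
}

// Hypothetical base page: performs the check for every request to a derived page.
public abstract class SecuredPage : Page
{
    protected override void OnPreInit(EventArgs e)
    {
        var user = Context.User;

        // GetType() is the compiled .aspx type; inherit: true finds the
        // attributes declared on the code-behind class and its base classes.
        var rules = GetType()
            .GetCustomAttributes(typeof(RequireRoleAttribute), true)
            .Cast<RequireRoleAttribute>();

        foreach (var rule in rules)
        {
            // Every attribute must be satisfied by at least one of its roles.
            // A missing or anonymous user fails closed.
            bool allowed = user != null
                && user.Identity != null
                && user.Identity.IsAuthenticated
                && rule.Roles.Any(user.IsInRole);

            if (!allowed)
                throw new HttpException(403, "User not authorized.");
        }

        base.OnPreInit(e);
    }
}

// Usage: the code-behind derives from SecuredPage instead of Page.
[RequireRole(@"domainname\Managers")]
public partial class Default : SecuredPage
{
    protected void Page_Load(object sender, EventArgs e) { }
}
```

Pages that derive from `SecuredPage` without a `[RequireRole]` attribute are not restricted, so a web.config `<authorization>` rule like the one in the first answer is still useful as a default-deny backstop.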