发表新帖
发表新帖

is there an authorizeattribute equivalent to just standard web forms (not MVC) for .net

前端 未结
关注
2 1644
故里飘歌
故里飘歌 2020-12-04 01:30

I\'m working on a project that will use windows role providers and I want to limit functionality to certain AD groups.

With MVC, I could use an AuthorizeAttrib

相关标签:
2条回答
  • 孤街浪徒
    2020-12-04 02:17

    You can set this up in web.config with the authorization element. 

    <configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

    Basically domain groups are translated into roles when using <authentication mode="Windows" />. You can read more about it on MSDN

    0 讨论(0)
  • Happy的楠姐
    2020-12-04 02:32

    I know this is an old post but thought I'd share my experience as I just went through this. I did not want to use web.config. I was looking for a way to create an attribute for webforms similar to MVC's implementation. I found a post by Deran Schilling that I used as a basis for the attribute portion.

    I created a custom IPrincipal

    interface IMyPrincipal : IPrincipal
{
    string MyId { get; }
    string OrgCode { get; }
    string Email { get; }
}

    and Principal

    public class MyPrincipal : IMyPrincipal
{
    IIdentity identity;
    private List<string> roles;
    private string email;
    private string myId;
    private string orgCode;

    public MyPrincipal(IIdentity identity, List<string> roles, string myId, string orgCode, string email)
    {
        this.identity = identity;
        this.roles = roles;
        this.myId = myId;
        this.orgCode = orgCode;
        this.email = email;
    }

    public IIdentity Identity
    { 
        get { return identity; }
    }

    public bool IsInRole(string role)
    {
        return roles.Contains(role);
    }

    public string Email
    {
        get { return email; }
    }
    public string MyId
    {
        get { return myId; }
    }
    public string OrgCode
    {
        get { return orgCode; }
    }
}

    and created an Attribute for usage on the Page

    [AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class AdminAuthorizationAttribute : Attribute
{
    public AdminAuthorizationAttribute()
    {
        var user = (MyPrincipal)HttpContext.Current.User;

        if (user.IsInRole("MyAdmin"))
            return;

        throw new AccessDeniedException();
    }
}

    and created some custom Exceptions

    public class AccessDeniedException : BaseHttpException
{
    public AccessDeniedException() : base((int)HttpStatusCode.Unauthorized, "User not authorized.") { }
}

public class BaseHttpException : HttpException
{
    public BaseHttpException(int httpCode, string message) : base(httpCode, message) { }
}

    and now I can apply the attribute for usage on a given page

    [AdminAuthorization]
public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }
}
    0 讨论(0)
 看不清?
提交回复
热议问题