How to implement role-based security using Dynamic Data and Active Directory?

Time: 2021-09-13 03:01:55

What is the best way to implement security using active directory roles on an asp.net dynamic data site?


I would like to restrict certain views (and the related links) to certain roles. i.e. user A can only view list actions for table x and user B can only view list actions for table y


3 solutions

#1


1  

I have a number of articles on this on my blog here A DynamicData Attribute Based Permission Solution using User Roles and here DynamicData: Database Based Permissions - Part 1 and I would also have a look at Securing Dynamic Data sample on codeplex which uses a Route Handler.


#2


2  

I have done this in many applications.


Have Windows Authentication enabled for your application.


Make some object that can store user credentials and have that object stored in the session for quick retrieval. If it is not there you can quickly rebuild it. I usually have each role set to a bit, e.g.:



enum USER_ROLE : int
{
  Role1 = 1,
  Role2 = 2,
  Role3 = 4,
  Role4 = 8,
  // etc. (each further role takes the next power of two)
}

// Set the bit for every role the current user holds.
if (Context.User.IsInRole("Roll1Name")) YourUserObject.Roles |= USER_ROLE.Role1;
if (Context.User.IsInRole("Roll2Name")) YourUserObject.Roles |= USER_ROLE.Role2;
// etc.

Then anytime a control needs to be secured, I pass it into a function that takes an HtmlControl and a property based on the user's role and the security requirement for that control.


Eg. bool SetControlSecurity(HtmlControl ctrl, int iUserRoles, int iControlRoles, ACTION eAction)


So an example for doing a panel might be:


SetControlSecurity(pnlUserInfo, YourUserObject.Roles, eRole.Role2, ACTION.Hide);


I usually also have it take in a param to the type of action to perform on fail of security like hide, readonly, clear data, etc...


Comparing the role in the function is easy:



// True when the user holds at least one of the roles the control requires.
bool bHasAccess = ((iUserRoles & iControlRoles) > 0);
if (bHasAccess)
{
  // leave the control or make sure it is visible etc
}
else
{
  // take action to secure the control based on the action
}

Hope that helps.
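The bit-flag approach from answer #2, applied to the per-table List restriction the question asks about, as an added example that is not code from any of the answers. The group names, table names and the `UserRole`, `TableAccess`, `BuildMask` and `CanList` identifiers are assumptions made for illustration, and a `GenericPrincipal` stands in for `Context.User` so the sketch runs as a console program.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

[Flags]
enum UserRole { None = 0, Role1 = 1, Role2 = 2, Role3 = 4, Role4 = 8 }

static class TableAccess
{
    // Constructed mapping of AD group names to flag bits (placeholder names).
    static readonly Dictionary<string, UserRole> GroupToRole = new Dictionary<string, UserRole>
    {
        { @"EXAMPLE\TableXReaders", UserRole.Role1 },
        { @"EXAMPLE\TableYReaders", UserRole.Role2 },
    };

    // Constructed policy: which roles may run the List action on each table.
    static readonly Dictionary<string, UserRole> ListPolicy =
        new Dictionary<string, UserRole>(StringComparer.OrdinalIgnoreCase)
    {
        { "TableX", UserRole.Role1 },
        { "TableY", UserRole.Role2 },
    };

    public static UserRole BuildMask(IPrincipal user)
    {
        var mask = UserRole.None;
        foreach (var pair in GroupToRole)
            if (user.IsInRole(pair.Key)) mask |= pair.Value; // OR is safe to repeat; += is not
        return mask;
    }

    // Deny by default: a table with no policy entry is not listable by anyone.
    public static bool CanList(UserRole userRoles, string table)
    {
        UserRole required;
        return ListPolicy.TryGetValue(table, out required)
            && (userRoles & required) != 0;
    }

    static void Main()
    {
        // Constructed principal standing in for Context.User under Windows authentication.
        IPrincipal userA = new GenericPrincipal(
            new GenericIdentity(@"EXAMPLE\userA"), new[] { @"EXAMPLE\TableXReaders" });
        UserRole mask = BuildMask(userA);
        Console.WriteLine("mask={0}", mask);
        foreach (var table in new[] { "TableX", "TableY", "TableZ" })
            Console.WriteLine("{0}: {1}", table, CanList(mask, table) ? "allow" : "deny");
    }
}
```

The same `CanList` check belongs wherever the List page itself is served (for instance in a route handler, as the sample mentioned in answer #1 does), so that a hidden link is not the only thing standing between a user and the table.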


#3


0  

You can just use the ASP.NET Active Directory Membership & Role providers to authenticate/authorize the users to the application. Then you can call Roles.IsUserInRole wherever you want to check the AD role membership, to check that users are a part of the relevant group(s) before rendering the contents.

