我種的工作了,所以這裏是萬一有人溶液想要做同樣的事情。
- 創建一個新的類從WindowsTokenRoleProvider
繼承
public class MyADProvider : WindowsTokenRoleProvider
{
//settings key
public const string Users = "Authorisation.AdGRoup.Users";
public const string Admins = "Authorisation.AdGRoup.Admins";
private ISettingsRepository settingsRepository;
public override string[] GetRolesForUser(string username)
{
// settings repository reads from settings file or DB
// actual implementation is up to you
this.settingsRepository = new SettingsRepository();
// get all the AD roles the user is in
var roles = base.GetRolesForUser(username);
List<string> returnedRoles = new List<string>
{
this.GetADRole(roles, Admins),
this.GetADRole(roles, Users)
};
return returnedRoles.ToArray();
}
private string GetADRole(string[] usersAdRoles, string roleSettingName)
{
//Get the actual name of the AD group we want from the settings
var settingName = this.settingsRepository.GetSetting(roleSettingName);
return usersAdRoles.Contains(settingName) ? roleSettingName : string.Empty;
}
}
然後切換到使用新的類web.config中:
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear />
<add name="AspNetWindowsTokenRoleProvider" type="MyADProvider" applicationName="/" />
</providers>
</roleManager>
然後,我可以使用的設置關鍵在代碼:
[Authorize(Roles = MysADProvider.Admins)]
public ActionResult Index()
{}
MVC屬性是相當可擴展的。在這種特殊情況下,您可能會從頭開始或通過繼承現有屬性來編寫自己的屬性,並自定義角色檢索的邏輯。 – 2015-03-03 11:37:42
謝謝Wiktor創建我自己的屬性不是我想要的,但它開始讓我按照正確的思路思考。 – Lobsterpants 2015-03-03 16:26:50