Fatal编程技术网
  • asp.net/
  • 使用ADFS声明的ASP.NET Web应用程序授权

使用ADFS声明的ASP.NET Web应用程序授权

asp.net

使用ADFS声明的ASP.NET Web应用程序授权,asp.net,authorization,roles,asp.net-dynamic-data,Asp.net,Authorization,Roles,Asp.net Dynamic Data,我使用ASP.NET构建了一个动态数据web应用程序。我还为授权经理组织了一些课程。我不确定的一件事是,如何将其插入web应用程序中,使其仅具有基于ADFS声明的特定角色的用户才能访问该应用程序。为了安全起见,我提取了少量代码。以下是我目前拥有的文件: 授权助手: using System; using System.Collections.Generic; using System.Linq; using System.Security; using System.Web; namespac

我使用ASP.NET构建了一个动态数据web应用程序。我还为授权经理组织了一些课程。我不确定的一件事是,如何将其插入web应用程序中,使其仅具有基于ADFS声明的特定角色的用户才能访问该应用程序。为了安全起见,我提取了少量代码。以下是我目前拥有的文件:

授权助手:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Web;

namespace ApplicationManager.Authorization
{
public class AuthorizationHelper
{
    /// <summary>
    /// Checks the access.
    /// </summary>
    /// <param name="resource">The resource.</param>
    /// <param name="action">The action.</param>
    /// <returns></returns>
    public static bool CheckAccess(string resource, string action)
    {
        AuthorizationContext context = new AuthorizationContext(HttpContext.Current.User as IClaimsPrincipal, resource, action);
        return FederatedAuthentication.ServiceConfiguration.ClaimsAuthorizationManager.CheckAccess(context);
    }

    /// <summary>
    /// Checks the access for an action based on user context.
    /// </summary>
    /// <param name="resource">The resource.</param>
    /// <param name="action">The action.</param>
    /// <param name="user">The user.</param>
    /// <returns></returns>
    public static bool CheckAccess(string resource, string action, UserInfo user)
    {
        AuthorizationContext context = new AuthorizationContext(HttpContext.Current.User as IClaimsPrincipal, resource, action);
        AuthorizationManager authManager = (AuthorizationManager)FederatedAuthentication.ServiceConfiguration.ClaimsAuthorizationManager;

        return authManager.CheckAccess(context, user);
    }

    /// <summary>
    /// Confirmes the logged in user has access to perform the specified action on the user.
    /// </summary>
    /// <param name="resource">The resource.</param>
    /// <param name="action">The action.</param>
    /// <param name="user">The user.</param>
    /// <exception cref="System.Security.SecurityException"></exception>
    public static void ConfirmAccess(string resource, string action, UserInfo user)
    {
        if (!CheckAccess(resource, action, user))
        {
            throw new SecurityException(string.Format("{0} does not have rights to manage {1}.  Please contact the idm security administrator.", HttpContext.Current.User.Identity.Name, user.UserId));
        }
    }
}
}
操作:

namespace ApplicationManager.Authorization
{
public class Operations
{
    public const string ApplicationManager = "Applications";
}
}
资源:

namespace ApplicationManager.Authorization
{
public class Resources
{
    public const string ApplicationManager = "Applications";
}
}
我希望插入这一切,并根据用户所处的角色拒绝使用该应用程序。我确实有获取userid和userrole的模型。我需要知道在何处以及如何编写此代码,以根据用户角色阻止对完整应用程序的访问

您需要在管道中注册索赔身份验证管理器。它会根据每个请求发出:

听起来你可以编写一个HttpModule并将其插入你的web.config中,我读了那篇文章,但这对我来说毫无意义。不过还是有点新鲜。 
namespace ApplicationManager.Authorization
{
public class Resources
{
    public const string ApplicationManager = "Applications";
}
}